Latest news with #dataexfiltration


CNN
2 days ago
- Business
- CNN
Hackers are using a modified Salesforce app to trick employees and extort companies, Google says
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday. The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said. The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader. If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said. The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks. Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said. A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said. A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' 
The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.' The spokesperson declined to share the specific number of affected customers, but said that Salesforce was 'aware of only a small subset of affected customers,' and said it was 'not a widespread issue.' Salesforce warned customers of voice phishing, or 'vishing,' attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.


CNA
2 days ago
- Business
- CNA
Hackers abuse modified Salesforce app to steal data, extort companies, Google says
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday. The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said. The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader. If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said. The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks. Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said. A Google spokesperson did not share additional details about how many companies have been targeted as part of the campaign, which has been observed over the past several months. A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.' 
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue."


CNA
29-05-2025
- Business
- CNA
Singapore data handling firm DataPost probing alleged ransomware attack
SINGAPORE: Data handling service provider DataPost is in the early stages of investigating an alleged ransomware attack, the Singapore-based company said on Thursday (May 29). DataPost, which works with government agencies and financial institutions, among others, told CNA its investigations "will take time to complete". In response to queries from CNA, a spokesperson from the Personal Data Protection Commission (PDPC) said that it is aware of the case and is also investigating. In ransomware attacks, threat actors typically use malicious software to encrypt files on servers, then demand a ransom in exchange for unlocking these files. The alleged attack on DataPost was recorded on May 26 and flagged the next day by infosecurity blog RedPacket Security and cybersecurity platform HookPhish. The breach led to data exfiltration, or the unauthorised transfer of data, and appeared to involve multiple tools and personnel, suggesting a coordinated attack, according to RedPacket Security. The threat group was identified as "direwolf", and allegedly used various infostealers – or malicious software that breaches computer systems – to gather the data. CNA has contacted DataPost for further comment on the scale and severity of the attack. DataPost provides e-invoicing services to financial institutions, insurance companies, telecommunication companies and government agencies in Singapore and Malaysia. It handles over 40 million documents per month, according to its website. The company said its facilities are audited annually by banks and third-party auditors to ensure compliance with data security and operational security requirements. Singapore's Infocomm Media Development Authority (IMDA) has accredited DataPost as the service provider for InvoiceNow, a nationwide e-invoicing network. Through InvoiceNow, companies can transmit e-invoices in a standard digital format across different finance systems. 
DataPost told CNA that it will comply with all regulatory obligations throughout the course of the investigation.


TechCrunch
08-05-2025
- Business
- TechCrunch
VC firm Insight Partners confirms personal data stolen during January hack
Venture capital firm Insight Partners said it will alert an unspecified number of people that their personal information was stolen during a cyberattack in January. The VC firm confirmed in an updated statement this week it was planning to notify affected people on a rolling basis beginning 'in the next few days.' The company said the stolen data includes personal information about its current and former employees, and information relating to its limited partners — the investors who provide capital to Insight's venture funds but whose names are typically kept private. Insight said the stolen data also includes information about certain funds, management companies, and portfolio companies, including banking and tax information. This is the first time Insight has acknowledged that data was exfiltrated during the January cyberattack on the firm. The company previously attributed the hack to a 'sophisticated' social engineering attack, but has not yet provided evidence for this claim. The specific nature of the attack remains unclear. A spokesperson for Insight Partners did not immediately return a request for comment. The VC firm has more than $90 billion in regulated assets under management, making it one of the largest tech startup investors in the world. Insight has helped to fund cybersecurity giants, including Wiz and Armis. Insight Partners is the latest venture capital firm in recent years to experience a cyberattack. In 2021, Silicon Valley venture firm Advanced Technology Ventures was hit by a ransomware attack that allowed criminals to steal data on the firm's limited partners.