Cybercriminals compromise Google’s Salesforce database through voice phishing

Google confirmed a breach in its corporate Salesforce database used for small and medium-sized business contacts by cybercriminal group ShinyHunters, also known as UNC6040, according to a recent report by The Cyber Express. The attackers gained unauthorized access through voice phishing, convincing employees to authorize a malicious connected application in Salesforce. By using a modified Data Loader tool, they exfiltrated basic business information. The breach, not due to a Salesforce vulnerability, showcases the effectiveness of social engineering in cyberattacks. UNC6040's emergence and extortion attempts by UNC6240 post-breach highlight evolving tactics in data theft and ransom demands. This incident underscores the rising threat to cloud-based systems like Salesforce, emphasizing the need for user awareness and enhanced security measures. The attackers' use of phishing panels and compromised accounts signals a shift towards sophisticated tactics. Organizations must prioritize user training, access controls, and ongoing security measures to combat evolving cyber threats and mitigate long-term risks. Source: The Cyber Express