Tech Radar reports that the ShinyHunters cybercrime group has developed a sophisticated method to breach corporate Salesforce environments by exploiting OAuth trust, leading Microsoft to implement new security upgrades.The ShinyHunters group targeted Salesforce users by tricking them into authorizing a malicious Salesforce Data Loader application, which then requested OAuth permissions. This allowed attackers to access Salesforce data through legitimate APIs, making their activity appear normal. Reports suggest up to 700 victims were affected over a year-long campaign. The attackers evolved their tactics by compromising third-party SaaS providers integrated with Salesforce, such as Salesloft's Drift integration, Gainsight, and Klue. By stealing OAuth tokens or integration secrets from these vendors, ShinyHunters gained access to hundreds of downstream customer Salesforce environments without direct interaction.Microsoft has responded by enhancing Microsoft Defender for Cloud Apps with richer telemetry for near-real-time detection and improved governance over OAuth-connected applications. These upgrades aim to provide better visibility into connected applications, detect suspicious API and OAuth behavior, and strengthen the management of connected apps through permission analysis and risk scoring. Microsoft emphasized that the attacks did not exploit a Salesforce vulnerability but rather abused trusted OAuth relationships.Source: Tech Radar
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds





