Takedown of Salesloft Drift imminent amid widespread intrusions

More organizations, including SpyCloud, Tanium, PagerDuty, and Proofpoint, have confirmed being impacted by the Salesloft Drift supply chain attack campaign involving stolen OAuth tokens, which was previously reported to have affected Cloudflare, Palo Alto Networks, Google Workspace, and Zscaler, prompting Salesloft to announce the impending temporary shutdown of the Drift platform, The Hacker News reports. "This will provide the fastest path forward to comprehensively review the application and build additional resiliency and security in the system to return the application to full functionality," said Salesloft, which noted an ongoing incident response collaboration with Mandiant and Coalition. Such a development comes after over 700 entities were suspected by Google to have been targeted by the UNC6395 threat cluster's intrusions aimed at Drift integrations between August 8 and 18. Attackers are believed by Cloudflare to possibly launch subsequent intrusions exploiting data pilfered in the Salesloft Drift breaches. "Given that hundreds of organizations were affected through this Drift compromise, we suspect the threat actor will use this information to launch targeted attacks against customers across the affected organizations," Cloudflare added.