Hackers have gained access to tech giant Google’s inner systems using its Salesforce account as an entry point.
The tech giant says a cybercriminal group pseudonymously known as “ShinyHunters”, who is known for breaching large organizations using social engineering tactics, accessed the company’s databases.
ShinyHunters has been linked to hacks involving AT&T Wireless, Microsoft, Mashable and many other big companies.
Originally discovered in June, Google says it’s now determined that ShinyHunters pulled off a data breach by targeting one of its instances with Salesforce, a leading software platform that provides customer relationship management (CRM) services.
“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations.
The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”
Google says the hackers follow a protocol that begins with a phone call posing as Salesforce employees to gain access to the Salesforce account, and ends with the exfiltratiion of the account data, which can then be sold on the dark web or used as leverage for ransom.
Says Google,
“Voice phishing (vishing) as a social engineering method is not, in itself, a novel or innovative technique; it has been widely adopted by numerous financially motivated threat groups over recent years with varied results.
However, this campaign by UNC6040 is particularly notable due to its focus on exfiltrating data specifically from Salesforce environments. Furthermore, this activity underscores a broader and concerning trend: threat actors are increasingly targeting IT support personnel as a primary vector for gaining initial access, exploiting their roles to compromise valuable enterprise data.”
Follow us on X, Facebook and Telegram
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Surf The Daily Hodl Mix
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney
