Google has become the latest victim in a series of Salesforce CRM data theft attacks conducted by a notorious extortion group known as ShinyHunters.
Bleeping Computer reports that in a recent update to an article warning about ongoing Salesforce data theft attacks, Google revealed that it too fell victim to a breach in June. The tech giant’s disclosure comes amidst a wave of similar incidents targeting various companies, all orchestrated by the ShinyHunters threat actor group.
According to Google, one of its corporate Salesforce instances was compromised in June, allowing the attackers to exfiltrate customer data during a brief window before access was cut off. The stolen data was reportedly limited to basic and largely public business information, such as company names and contact details.
But why should all this matter to you? I received an email from a viewer who learned a hard lesson too. “I recently had a scare when someone tried accessing my home security camera, and it made me realize how common these hacking risks are.”
This guide shows how to stay protected: Guide to protect your security.
Google has classified the threat actors behind these attacks as ‘UNC6040’ or ‘UNC6240.’ However, BleepingComputer, which has been closely monitoring the situation, has confirmed that ShinyHunters is responsible for the breaches. The notorious group has a long history of high-profile attacks, including those targeting PowerSchool, Oracle Cloud, Snowflake, AT&T, NitroPDF, Wattpad, MathWay, and many others.
In a conversation with BleepingComputer, ShinyHunters claimed to have breached numerous Salesforce instances, with attacks still ongoing. The threat actor even hinted at having compromised a trillion-dollar company, though it remains unclear if this refers to Google.
The modus operandi of ShinyHunters involves conducting voice phishing (vishing) social engineering attacks to trick employees into granting access to their companies’ Salesforce instances. Once inside, the attackers proceed to download customer data, which is then used to extort the targeted companies, demanding ransom payments to prevent the data from being publicly leaked.
BleepingComputer has learned that one company has already paid four Bitcoins (approximately $400,000) to prevent the leak of their data. Other high-profile victims include Adidas, Qantas, Allianz Life, Cisco, and LVMH subsidiaries such as Louis Vuitton, Dior, and Tiffany & Co.
Be the first to comment