"The threat group making the demands began their campaign in May, when they made voice calls to organizations storing data on the Salesforce platform, Google-owned Mandiant said in June. The English-speaking callers would provide a pretense that necessitated the target connect an attacker-controlled app to their Salesforce portal. Amazingly-but not surprisingly-many of the people who received the calls complied."
"Earlier this month, the group created a website that named Toyota, FedEx, and 37 other Salesforce customers whose data was stolen in the campaign. In all, the number of records recovered, Scattered LAPSUS$ Hunters claimed, was "989.45m/~1B+." The site called on Salesforce to begin negotiations for a ransom amount "or all your customers [sic] data will be leaked." The site went on to say: "Nobody else will have to pay us, if you pay, Salesforce, Inc." The site said the deadline for payment was Friday."
Salesforce is refusing to pay an extortion demand from a crime syndicate claiming to have stolen roughly one billion records from dozens of Salesforce customers. The attackers began in May with voice calls to organizations using Salesforce, persuading targets to connect an attacker-controlled app to their portals; many recipients complied. The group calls itself Scattered LAPSUS$ Hunters, combining Scattered Spider, LAPSuS$, and ShinyHunters, and is tracked as UNC6040 by Mandiant. The group published a website naming Toyota, FedEx, and 37 other customers, claiming 989.45m/~1B+ records and demanding ransom with a Friday deadline.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]