"The group, now calling itself Scattered LAPSUS$ Hunters, claims to have access to data from approximately 40 companies that utilize the CRM platform. According to The Register, they are demanding $989 million to prevent around a billion customer records from appearing online. The group gave Salesforce until October 10 to negotiate payment. Salesforce says it has no evidence that its own platform has been hacked."
"The renewed threat appears to be linked to the UNC6040 group, which specializes in telephone social engineering attacks, or vishing. In these attacks, criminals pose as IT staff to convince users to authorize a malicious application within Salesforce. This gives them access to sensitive customer information without exploiting a technical vulnerability. According to Google Threat Intelligence Group (GTIG), Google's internal Salesforce environment was also hit by a similar attack in June. The breach only involved basic information about small and medium-sized businesses and was quickly resolved."
Scattered LAPSUS$ Hunters claim access to data from roughly 40 companies using the CRM platform and demand $989 million to prevent the release of about one billion customer records. Salesforce reports no evidence of its platform being hacked and states the threats reference previous or unconfirmed incidents while it works with external specialists and authorities and supports potentially affected customers. The activity appears linked to UNC6040, which conducts telephone social engineering or vishing to get users to authorize malicious Salesforce applications. Google Threat Intelligence Group noted a similar June incident and reported attackers exporting data via the Salesforce API using Python apps, VPNs, and TOR. A separate group, UNC6240, later pressures victims for ransom and may claim affiliation with ShinyHunters.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]