Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others - DataBreaches.Net

"The ever-widening series of supply chain attacks on Salesforce instances linked to Salesloft's Drift app has claimed a number of new victims in recent days, including Cloudflare, Palo Alto Networks, and Zscaler. Cybersecurity firms SpyCloud and PagerDuty also said they were hit by the UNC6395 threat group that exploited a vulnerability in Salesloft Drift OAuth integration with Salesforce to steal sensitive information from reportedly hundreds of organizations."
"According to the Google Threat Intelligence Group (GTIG), UNC6395 targeted Salesforce customers' instances from August 8 through at least August 18 via compromised OAuth tokens associated with the Salesloft Drift app, which is used by sales and marketing groups to automate sales workflows. Salesloft bought Drift early last year. In a blog post this week, security executives with Cloudflare said bad actors accessed the company's Salesforce instance that it uses for customer support and case management."
A threat group tracked as UNC6395 exploited a vulnerability in the Salesloft Drift OAuth integration to access Salesforce instances and steal sensitive data. The campaign targeted Salesforce customer instances from August 8 through at least August 18 using compromised OAuth tokens tied to the Salesloft Drift app. Known victims include Cloudflare, Palo Alto Networks, Zscaler, SpyCloud, and PagerDuty, and data was reportedly stolen from hundreds of organizations. Salesloft acquired Drift early last year. Cloudflare stated that attackers accessed the Salesforce instance it uses for customer support and case management. A Telegram user named "UNC6395" was reported arrested, with no reported link to the hacking activity.
Read at DataBreaches.Net