"Attackers grabbed data from the sales management giant Salesforce in at least two breaches this year-but they didn't compromise Salesforce directly. Instead, the group breached third-party Salesforce contractor integrations, including those of Gainsight and Salesloft. Google's Threat Intelligence Group published about the spree in August, saying that some Google Workspace data had been compromised as part of the breach of the sales and marketing platform Salesloft Drift."
"The spree was perpetrated by a group known as Scattered Lapsus$ Hunters-a potential amalgam of actors and tooling from the hacking and data theft groups Scattered Spider, Lapsus$, and ShinyHunters. Researchers note, though, that the group isn't actually a one-to-one evolution of the three namesakes. Regardless, Scattered Lapsus$ Hunters have a data leak site where they've been previewing troves of stolen data from the campaign and"
A surge of cyber incidents marked the year, with data breaches, leaks, ransomware, digital extortion, and state-sponsored attacks intensifying. Attackers targeted third-party integrations tied to Salesforce, compromising contractor platforms such as Gainsight and Salesloft and exposing some Google Workspace data through those breaches. Multiple major companies and services were affected, and TransUnion experienced a related breach that revealed information for 4.4 million people, including names and Social Security numbers. The campaign has been linked to a group calling itself Scattered Lapsus$ Hunters, which appears to combine actors and tools from several known hacking groups and maintains a data leak site.
Read at WIRED
Unable to calculate read time
Collection
[
|
...
]