A report by Google Threat Intelligence Group exposes a sophisticated hacker campaign by UNC6040 targeting Salesforce users through voice phishing (vishing). The attackers pose as IT support, convincing employees to download a malicious version of Salesforce's Data Loader, which enables them to access sensitive company data without the need for traditional hacking. The campaign reveals a growing trend in cyberattacks where social engineering and deception supersede technical flaws, highlighting vulnerabilities in human behavior rather than software security. This poses significant risks to corporate security, especially in cloud services.
The hackers impersonate Salesforce employees, claiming urgent technical problems, and direct victims to a fake site to download a modified Data Loader, enabling sensitive data theft.
This voice phishing campaign highlights a trend where attackers exploit human trust and social engineering to gain access to sensitive information without traditional hacking.
Collection
[
|
...
]