A breach involving Google's Salesforce instance was disclosed after the company learned about it months later. The attack, attributed to threat group UNC6040, involved data retrieval of public business information. A second group, UNC6042, known as ShinyHunters, partook in extortion activities following the initial breach. Google indicated these actors might escalate their tactics with a data leak site to pressure victims. Organizations are advised to audit Salesforce access and implement security measures, including multifactor authentication and staff training against scams.
Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off.
In addition, we believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS).