Google has reported that a threat actor known as 'UNC6040' is conducting voice phishing (vishing) attacks against companies to infiltrate Salesforce instances and steal customer data. This data is used to demand ransoms from the affected companies. Google itself experienced a breach in June when one of its Salesforce instances was compromised, leading to the theft of business information. The stolen information primarily consisted of publicly available data, including contact details of small and medium businesses.
In June, one of Google's corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations.
The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off.
Collection
[
|
...
]