FBI Alert: Cybercriminals UNC6040 and UNC6395 Target Salesforce in High-Stakes Data Heist!
The FBI warns of data theft and extortion attacks by UNC6040 and UNC6395, targeting Salesforce platforms. These cybercriminals are not just stealing data, they’re running a masterclass in bad behavior. With ShinyHunters possibly launching a data leak site, it’s a cyber soap opera. Stay alert, folks, the drama isn’t over!
Hot Take:
Looks like the FBI is playing whack-a-mole with cybercriminals UNC6040 and UNC6395, who are treating Salesforce like their personal buffet. While they’re busy raiding data like it’s a Black Friday sale, Salesloft is frantically trying to close Pandora’s box with duct tape and prayers. Meanwhile, ShinyHunters and their merry band of misfits are “going dark,” which probably means they’re just rebranding like a washed-up boy band. Stay tuned for their comeback tour, now with more extortion and fewer morals!
Key Points:
- The FBI issued an alert about UNC6040 and UNC6395, two cybercriminal groups targeting Salesforce.
- UNC6395 exploited OAuth tokens from a compromised Salesloft GitHub account to access Salesforce data.
- Salesloft is implementing new security measures and advised customers to treat Drift integrations as compromised.
- UNC6040 used vishing and modified Salesforce tools for data theft and extortion.
- ShinyHunters, part of the UNC6040 cluster, claims to be disbanding but may just be regrouping under a new guise.