Hackers on the Line: UNC6040’s Vishing Scams Targeting Salesforce Users

UNC6040 hackers are pulling off voice phishing capers by impersonating IT support on the phone. Their mission? Smooth-talk employees into granting access to Salesforce and more, all while relying on good old human error. It’s like tech support, but with a sinister twist!

3P
Published: June 8, 2025 9:45 pmAdded: June 8, 2025 at 2:56 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

UNC6040 has taken “call me maybe” to a whole new level with their vishing antics, proving once again that sometimes the biggest security threat is just a chatty “IT support” agent on the other side of the line. Who knew a phone call could be more dangerous than a zero-day exploit?

Key Points:

  • UNC6040 uses voice phishing to impersonate IT staff over the phone.
  • Their main target is Salesforce, exploiting human error rather than technical vulnerabilities.
  • Data theft is sometimes followed by delayed extortion attempts, linked to ShinyHunters.
  • The group moves laterally to access platforms like Okta and Microsoft 365 for more data.
  • Google’s Threat Intelligence Group suggests permissions management and monitoring as defenses.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?