Hackers Pose as ShinyHunters to Swipe Salesforce Data: Protect Your Company Now!
Google’s Threat Intelligence Group (GTIG) warns that hackers, claiming to be ShinyHunters, are using voice phishing to exploit Salesforce’s Data Loader. By posing as IT support, they trick employees into connecting modified applications to exfiltrate sensitive data. These extortionists eventually demand ransoms, threatening to leak stolen information months after the initial breach.
Hot Take:
In the realm of cybersecurity, the ShinyHunters seem to be playing the ultimate game of hide and seek, but instead of “You’re it!” they’re shouting “You’ve been phished!” It’s a classic case of “Who you gonna call?” but unfortunately, Ghostbusters aren’t much help against voice phishing attacks. Maybe Salesforce needs a feature that flags data-stealing requests with a big ol’ “Are you sure you want to do this, really?” button.
Key Points:
- Cyber attackers claim to be ShinyHunters, targeting Salesforce data via voice phishing.
- The attacks involve tricking employees into connecting a modified Salesforce Data Loader.
- Post data theft, attackers move laterally to access other platforms like Okta and Microsoft 365.
- Google suggests restricting API permissions and blocking VPNs to prevent such attacks.
- Extortion demands often occur months after the initial data breach.