Google Warns of Vishing and Data Theft Attacks Targeting Salesforce
A cybercriminal group called UNC6040 has targeted around 20 organizations across various sectors in the Americas and Europe using fake IT support calls to trick employees into installing malicious versions of Salesforce's Data Loader, leading to data theft and extortion. The group employs voice-phishing tactics, impersonating IT support to gain access to Salesforce and other platforms, with some attacks resulting in long-term data exfiltration and potential partnerships with other threat actors. Salesforce has issued guidance on protecting against such social engineering attacks.