- Google experts are warning of an ongoing vishing campaign
- Threat actors pose as IT support and trick people into downloading malware
- They use fake Salesforce applications to steal data
Around 20 companies lost their data when cybercriminals targeted their Salesforce environments and tricked them into downloading malicious software, experts warned.
A new report by the Google Threat Intelligence Group (GTIG) has revealed how a threat actor tracked as UNC6040 has been targeting organizations in the West for months.
The attackers would phone companies in hospitality, retail, education and other verticals and, pretending to be IT support, trick employees into downloading and installing a tainted version of Salesforce Data Loader, a client application used to import, export, update, delete or insert data in Salesforce. It is mainly used by administrators and developers to handle large data volumes that cannot easily be managed through Salesforce directly.
“Significant capabilities”
By installing the malicious program, the victims would grant UNC6040 “significant capabilities” to access, query and exfiltrate sensitive information directly from the compromised Salesforce customer environments, GTIG explained.
Google also said that months would pass between the moment the data was stolen and the moment the attackers made contact to try to extort the victim for money.
This, the researchers speculate, could mean that one group is doing the stealing and another the negotiating. UNC6040 has claimed affiliation with groups such as ShinyHunters in the past, and could be part of “Com”, a large, loosely knit cybercriminal collective.
Infamous groups such as Scattered Spider are also part of this underground ecosystem.
Finally, Google emphasized that in all observed cases, the attackers relied on manipulation and trickery aimed at people, not the system.
No vulnerabilities inherent to Salesforce were found or used in this campaign. Therefore, the best way to defend against it, and other similar campaigns, would be to educate employees about the dangers of phishing and its variants (vishing and others).