- Zscaler confirms the loss of confidential customer data from its account
- The attackers moved laterally after compromising the Salesloft Drift platform
- Some believe that this was done by ShinyHunters
Zscaler can now be added to the growing list of Salesloft customers that suffered a third-party attack and lost confidential customer information, after it confirmed that data was taken.
In its announcement, Zscaler explained that it was a customer of Salesloft, whose AI chat platform, Salesloft Drift, was compromised.
Since this platform is connected to Salesforce, the criminals managed to move laterally, steal OAuth and refresh tokens, and access the data of customers such as Zscaler.
ShinyHunters or UNC6395?
The company emphasized that its systems and products were not compromised, only the data:
“The scope of the incident is limited to Salesforce and does not imply access to any of the underlying products, services or systems and infrastructure,” it said.
Even so, the attackers managed to steal names, business email addresses, job titles, phone numbers, regional and location details, Zscaler product licensing and commercial information, as well as the content of certain support cases.
The company said that so far there is no evidence that the data has been abused in the wild, but still asked its users to remain vigilant and wary of incoming phishing and social engineering attacks. Zscaler also said it revoked all Salesloft Drift integrations, rotated tokens, and launched an in-depth investigation.
So far, attributing the attack has been quite challenging. The Google Threat Intelligence Group (GTIG) believes that it is the work of a threat actor it tracks as UNC6395.
ShinyHunters, a well-known ransomware operator and data thief, also claimed responsibility, a claim confirmed to the media by multiple security researchers.
Via BleepingComputer