Slashdot: Fake IT Support Calls Hit 20 Orgs, End in Stolen Salesforce Data and Extortion, Google Warns

Source URL: https://it.slashdot.org/story/25/06/04/1654250/fake-it-support-calls-hit-20-orgs-end-in-stolen-salesforce-data-and-extortion-google-warns?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot

Summary: A group of financially motivated scammers, known as UNC6040, executed voice-phishing attacks to manipulate employees into installing a compromised version of Salesforce’s Data Loader. This incident highlights significant risks associated with social engineering and the vulnerabilities in enterprise software applications, particularly within sectors such as hospitality, retail, and education.

Detailed Description: The content details a sophisticated cybercrime operation that targets organizations by leveraging social engineering tactics for data theft. The following points encapsulate the incident’s significance:

- **Threat Actor:** UNC6040, a financially motivated group, has been associated with scams that involve impersonating IT support staff.
- **Attack Vector:** The group’s method of operation revolves around voice phishing, where they deceive employees into downloading a modified version of a legitimate application.
- **Target:** Approximately 20 organizations have been identified as victims, specifically within the hospitality, retail, and education sectors across the Americas and Europe.
- **Software Abused:** The manipulated application, Salesforce’s Data Loader, is critical for managing large datasets, and attackers exploited its legitimate functionalities for malicious intent.
- **Specialization:** The attackers have demonstrated considerable expertise in convincing employees in multinational corporations to comply with their requests, highlighting the need for robust internal security training.

Implications for Security Professionals:
- This incident underscores the increasing sophistication of social engineering attacks and the importance of user awareness programs.
- Organizations should conduct regular training sessions to educate employees about identifying phishing attempts and the risks associated with downloading software from unverified sources.
- Implementing additional security measures such as multi-factor authentication (MFA) and monitoring tools can help mitigate the risks associated with internal user compromises.
- Regular audits of access to critical applications and a strong incident response plan will be crucial in detecting and responding to such threats promptly.

Overall, this report from the Google Threat Intelligence Group serves as a critical reminder of the evolving landscape of cybersecurity threats and the continuous need for vigilance in protecting sensitive data.