Bill Toulas reports:
Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organizations’ Salesforce platforms.
According to Google’s Threat Intelligence Group (GTIG), which tracks the threat cluster as ‘UNC6040,’ the attacks target English-speaking employees with voice phishing attacks to trick them into connecting a modified version of Salesforce’s Data Loader application.
The attackers impersonate IT support personnel, requesting the target employee to accept a connection to Salesforce Data Loader, a client application that allows users to import, export, update, or delete data within Salesforce environments.
Read more at Bleeping Computer.