Salesforce Declines to Meet $1 Billion Extortion Demand Following Data Breach of 1 Billion Records

Salesforce is facing a serious cybersecurity threat: a criminal syndicate identifying itself as Scattered LAPSUS$ Hunters claims to have stolen around one billion records from multiple Salesforce customers. The group began this extortion campaign in May, using voice calls to reach organizations that store data in Salesforce. According to Google-owned Mandiant, the callers were English-speaking individuals who attempted to persuade targets to connect to an attacker-controlled application through their Salesforce portals. Alarmingly, many recipients of these calls complied with the demands.

Scattered LAPSUS$ Hunters combines elements from three known data-extortion groups: Scattered Spider, LAPSUS$, and ShinyHunters. Notably, Mandiant refers to this group as UNC6040, as analysts are still working to clarify the specific relationships among these entities. Earlier this month, the group launched a dedicated website listing major corporations such as Toyota, FedEx, and 37 other clients whose data was allegedly compromised. They claimed to have recovered approximately 989.45 million records and issued an ultimatum to Salesforce to engage in ransom negotiations, threatening that all customer data would be leaked if the demands were not met. The group set a deadline for payment, which has since passed.

Following these threats, a Salesforce spokesperson confirmed that the company would not capitulate to the extortion demand, emphasizing its commitment to data security and customer trust. Given the scale of the alleged breach, it is crucial for organizations that rely on Salesforce to assess their cybersecurity measures diligently. The tactics potentially employed in this attack can be mapped to the MITRE ATT&CK framework; they might include initial access via social engineering and voice phishing, as well as persistence through malicious application integration.

As businesses navigate these rising cybersecurity challenges, such incidents highlight the need for robust security protocols to prevent unauthorized access and data breaches. Understanding the tactics behind these attacks can help business leaders improve their defenses and remain vigilant against evolving cyber threats.
