FBI Alerts on Cybercriminals UNC6040 and UNC6395 Targeting Salesforce
The FBI has issued a warning about two cybercriminal groups, UNC6040 and UNC6395, targeting Salesforce platforms for data theft and extortion. UNC6395 exploited compromised OAuth tokens from a breached GitHub account, while UNC6040 employed vishing campaigns to hijack Salesforce instances. Both groups are tied to extensive data exfiltration and extortion efforts, with indications of an evolving collaboration among various cybercriminal factions. Despite recent claims of shutting down operations, experts caution that such groups often re-emerge under new identities, highlighting the need for organizations to maintain vigilance against potential threats.