Hackers abuse modified Salesforce app to steal data, extort companies, Google says

By AJ Vicens
(Reuters) -Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue."
Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Yahoo

3 hours ago

• Yahoo

傳蘋果將捨棄Google合作 將收購AI搜尋黑馬Perplexity

科技中心／李宜樺報導 ▼▲蘋果傳新併購消息！恐捨棄Google，轉密會AI搜尋新星Perplexity。（圖／翻攝自YT@Apple） AI戰升溫，科技巨頭火力全開！繼Meta投資Scale AI後，如今傳出蘋果也悄悄布局，要收購AI搜尋新貴「Perplexity AI」，甚至傳出考慮放棄Google作為預設搜尋引擎。這場看似平靜的搜尋戰場，已悄然掀起風暴！ 根據《彭博》知名科技記者Mark Gurman爆料，蘋果併購部門主管Adrian Perica已在內部討論是否收購Perplexity，雖仍處於早期階段，但若交易成真，將是蘋果史上最大規模併購案──該公司估值高達140億美元，遠超2014年30億美元收購Beats的紀錄。 除了併購，蘋果也考慮另一合作模式，將Perplexity整合至Safari與Siri，作為替代Google搜尋的AI解決方案。畢竟蘋果與Google的搜尋合作協議，正面臨美國反壟斷調查威脅，恐有被迫拆夥的可能。 Perplexity成立僅兩年，卻以AI驅動搜尋技術嶄露頭角，透過自動總結、引文標示等功能挑戰Google霸主地位，甚至已與三星展開深度合作，成為蘋果收購計畫的潛在障礙。 Perplexity對收購傳聞低調回應，稱「目前沒有相關消息」，但該公司近期與多家科技巨頭接觸頻繁，包括Meta也曾試圖收購、並挖角其CEO Aravind Srinivas，顯示AI搜尋市場人才爭奪戰已進入白熱化。 當AI搜尋成為下一代搜尋引擎的競爭主戰場，蘋果此舉無疑是對Google發出重大威脅。科技巨頭的版圖重組已開始，誰能掌握搜尋流量與AI技術，誰就能主宰未來。 更多三立新聞網報導2025報稅必知／報稅倒數9天 你真的報完了嗎？「這一步」沒做＝白報！美軍參戰 介入以伊戰爭！衝突升級 冷靜異常的黃金現補漲行情？全球熱錢瘋搶亞洲 高盛曝對沖基金5年最大買盤新光金、新壽5月再虧破百億 靠準備金撐盤仍難止血？

The Hill

4 hours ago

• The Hill

Judge orders Abrego Garcia's release, but government expected to detain him

Kilmar Abrego Garcia, who was mistakenly deported by the Trump administration to El Salvador then returned to the U.S. amid a legal battle, was ordered released from jail on Sunday by a Tennessee judge while he awaits federal trial. The government, however, is expected to quickly detain him upon his release, which U.S. Magistrate Judge Barbara Holmes scheduled a Wednesday hearing to discuss. The Justice Department has filed a motion to appeal the judge's release order. At a detention hearing on June 13, prosecutors said U.S. Immigration and Customs Enforcement would take Abrego Garcia into custody if he were released on the criminal charges, and he could be deported before he has a chance to stand trial. The new charges stem from a 2022 traffic stop in Tennessee. Abrego Garcia was stopped for speeding, and an officer questioned why he was traveling with so many people without luggage. The indictment alleges Abrego Garcia falsely told the officer he was driving construction workers from St. Louis, but he was actually on one of multiple trips organized to transport migrants who were living in the country illegally. Attorneys for Abrego Garcia have cast the case as trumped-up charges and a way for the administration to save face after allowing him to be wrongly imprisoned for nearly three months. The Trump administration had resisted court orders directing Abrego Garcia be returned to the U.S., but he was swiftly returned in early June as the Justice Department announced charges for the Maryland resident, who is a Salvadoran national. Holmes acknowledged in her ruling Sunday that determining whether Abrego Garcia should be released is 'little more than an academic exercise' because ICE will likely detain him. But the judge wrote that everyone is entitled to the presumption of innocence and 'a full and fair determination of whether he must remain in federal custody pending trial.' Holmes wrote that the government failed to prove that Abrego was a flight risk, that he posed a danger to the community or that he would interfere with proceedings if released. 'Overall, the Court cannot find from the evidence presented that Abrego's release clearly and convincingly poses an irremediable danger to other persons or to the community,' the judge wrote. Rebecca Beitsch and The Associated Press contributed to this report.

New York Post

5 hours ago

• New York Post

Investors brace for oil price spike, rush to safe havens after US bombs Iran nuclear sites

A US attack on Iranian nuclear sites could push oil prices even higher and trigger a knee-jerk rush to safety, investors said, as they assessed how the latest escalation of tensions would ripple through the global economy. The reaction in Middle East stock markets, which trade on Sunday, suggested investors were assuming a benign outcome, even as Iran intensified its missile attacks on Israel in response to the sudden, deep U.S. involvement in the conflict. President Trump called the attack 'a spectacular military success' in a televised address to the nation and said Iran's 'key nuclear enrichment facilities have been completely and totally obliterated.' He said the U.S. military could go after other targets in Iran if the country did not agree to peace. Advertisement Iran said it reserves all options to defend itself, and warned of 'everlasting consequences.' Speaking in Istanbul, Iranian Foreign Minister Abbas Araqchi said Tehran was weighing its options for retaliation and would consider diplomacy only after carrying out its response. 7 President Trump called the attack 'a spectacular military success.' REUTERS Investors said they expected US involvement would cause a stock market selloff and a possible bid for the dollar and other safe-haven assets when major markets reopen, but also said much uncertainty remained. Advertisement 'I think the markets are going to be initially alarmed, and I think oil will open higher,' said Mark Spindel, chief investment officer at Potomac River Capital. 'I think the uncertainty is going to blanket the markets, as now Americans everywhere are going to be exposed. It's going to raise uncertainty and volatility, particularly in oil,' he added. One indicator of how markets will react in the coming week was the price of ether, the second-largest cryptocurrency and a gauge of retail investor sentiment. Advertisement 'We don't have any damage assessment and that will take some time. Even though (Trump) has described this as 'done', we're engaged,' Spindel said. Ether was down 8.5% on Sunday, taking losses since the first Israeli strikes on Iran on June 13 to 13%. 7 Iran has warned of 'everlasting consequences' over the U.S. attack. via REUTERS Most Gulf stock markets, however, seemed unconcerned by the early morning attacks, with the main indexes in Qatar, Saudi Arabia, and Kuwait up slightly or flat. Israel's Tel Aviv main index was at an all-time high. Advertisement A key concern for markets centers around the potential impact of Middle East developments on oil prices and thus on inflation. Rising inflation could dampen consumer confidence and lessen the chance of near-term interest rate cuts. Saul Kavonic, a senior energy analyst at equity research firm MST Marquee in Sydney, said Iran could respond by targeting American interests in the Middle East, including Gulf oil infrastructure in places such as Iraq or harassing ship passages through the Strait of Hormuz. 7 Traders are bracing for a rocky day on Wall Street when markets open Monday. AFP via Getty Images The Strait of Hormuz lies between Oman and Iran and is the primary export route for oil producers such as Saudi Arabia, the United Arab Emirates, Iraq and Kuwait. 'Much depends on how Iran responds in the coming hours and days, but this could set us on a path towards $100 oil if Iran respond as they have previously threatened to,' Kavonic said. While global benchmark Brent crude futures have risen as much as 18% since June 10, hitting a near five-month high of $79.04 on Thursday, the S&P 500 has been little changed, following an initial drop when Israel launched its attacks on Iran on June 13. 7 Brent crude futures have risen as much as 18% since June 10, Getty Images Jamie Cox, managing partner at Harris Financial Group, said oil prices would likely spike before leveling off in a few days as the attacks could lead Iran to seek a peace deal with Israel and the U.S. Advertisement 'With this demonstration of force and total annihilation of its nuclear capabilities, they've lost all of their leverage and will likely hit the escape button to a peace deal,' Cox said. Economists warn that a dramatic rise in oil prices could damage a global economy already strained by Trump's tariffs. 7 During past Mideast, stocks initially languished but soon recovered to trade higher in the months ahead. AFP via Getty Images Still, any pullback in equities might be fleeting, history suggests. During past eruptions of Middle East tensions, including the 2003 Iraq invasion and the 2019 attacks on Saudi oil facilities, stocks initially languished but soon recovered to trade higher in the months ahead. Advertisement On average, the S&P 500 slipped 0.3% in the three weeks following the start of conflict, but was 2.3% higher on average two months following the conflict, according to data from Wedbush Securities and CapIQ Pro. An escalation in the conflict could have mixed implications for the U.S. dollar, which has tumbled this year amid worries over diminished U.S. exceptionalism. 7 Analysts say the dollar could benefit from a safety bid in the event of direct US engagement in the Iran-Israel war. AFP via Getty Images In the event of U.S. direct engagement in the Iran-Israel war, the dollar could initially benefit from a safety bid, analysts said. Advertisement 'Do we see a flight to safety? That would signal yields going lower and the dollar getting stronger,' said Steve Sosnick, chief market strategist at IBKR in Greenwich, Conn. 'It's hard to imagine stocks not reacting negatively and the question is how much.' Jack McIntyre, portfolio manager for global fixed income at Brandywine Global Investment Management in Philadelphia, said it was uncertain whether U.S. Treasuries would rally after the U.S. attack, largely due to the market's hypersensitivity to inflation. 'This could lead to regime change (which) ultimately could have a much bigger impact on the global economy if Iran shifts towards a more friendly, open economic regime,' said McIntyre.