
Hackers Exploit Fake Salesforce Tools to Breach Corporate Data

Highlights

  • Hackers posed as IT support to deploy fake Salesforce tools in attacks.

  • 20 organizations suffered data breaches across several cloud platforms.

  • User training and app installation controls can mitigate related risks.

Kaan Demirel
Last updated: 4 June, 2025 - 10:49 pm

A recent wave of cyberattacks targeting multinational companies has exposed weaknesses in how cloud-based platforms are used, through the abuse of social engineering. Approximately 20 organizations in sectors such as hospitality, retail, and education fell victim after employees were misled by attackers posing as IT support. The threat actors convinced staff members to install a counterfeit version of Salesforce’s Data Loader, resulting in significant data breaches and extortion attempts. These incidents highlight the persistent risks that come with growing reliance on cloud integrations and single sign-on services.

Contents

  • How Attackers Bypassed Cloud Security Measures
  • Which Platforms Were Targeted Beyond Salesforce?
  • Why Did Attackers Imitate IT Support Roles?

Incidents involving fraudulent IT assistance have surfaced before; however, the combination of targeted voice phishing with malicious Salesforce-related tools represents a shift in tactics. In earlier events, attackers focused predominantly on phishing emails or direct credential theft rather than leveraging elaborate fake application installations. Compared to information reported last year, the inclusion of platforms such as Okta, Microsoft 365, and Workplace in lateral data theft schemes demonstrates broader impact and evolving sophistication among threat groups like UNC6040.

How Attackers Bypassed Cloud Security Measures

Once contact was established, the attackers instructed employees to install what appeared to be a legitimate Salesforce support app. This process exploited cloud authentication protocols like OAuth, paired with routine acceptance of IT requests, which exposed sensitive login details and multi-factor authentication codes. Companies with significant cloud interconnectivity and single sign-on tools, such as Okta, faced heightened risks due to their widespread use and high privilege levels across systems.

Which Platforms Were Targeted Beyond Salesforce?

Although Salesforce served as the initial point of intrusion, attackers expanded their efforts to connected platforms, notably Okta, Microsoft 365, and Workplace. Researchers observed that UNC6040 moved laterally within victim organizations’ infrastructure after securing access, seeking to maximize the amount of accessible and extractable data across these systems.

Why Did Attackers Imitate IT Support Roles?

Attackers leveraged trusted IT support scenarios to establish credibility and urgency with their targets. By simulating common helpdesk interactions and referencing fabricated open support tickets, they prompted employees to follow instructions without suspicion. This approach positioned the threat actors to guide victims through authentic-looking authentication steps, ultimately permitting malicious app installation.

“Attacks like voice phishing are targeted social-engineering scams designed to exploit gaps in individual users’ cybersecurity awareness and best practices,” a Salesforce spokesperson explained.

Salesforce confirmed that its platform security remained intact, emphasizing that successful attacks stemmed from user manipulation and not technical vulnerabilities within Salesforce’s core services. The company has issued updated guidance to remind customers of shared security responsibilities and the threat posed by sophisticated social engineering scams.

While the scope of these attacks is currently confined to about 20 organizations, the incidents underscore the growing complexity of identity-focused threats in enterprise environments. Multinational organizations using cloud ecosystems and federated identity platforms remain attractive targets for groups like UNC6040. Lessons from this case urge organizations to reinforce user training, verify IT support channels, and ensure robust controls over app installations and privilege inheritance. Attackers’ evolving strategies show a trend toward combining voice-based scams with deceptive software distribution to bypass technological defenses, exploiting the human element as the weak link in corporate cybersecurity.
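One way to act on the "controls over app installations" point, as an added example that is not part of the original article: a review of OAuth app authorizations that decides identity by client ID and flags any unapproved app whose display name imitates an approved one, such as a counterfeit "Data Loader". The event field names, client IDs and sample records are constructed for illustration and do not come from any vendor's log format.

```python
from difflib import SequenceMatcher

# Approved OAuth apps: client_id -> display name (constructed placeholder values).
APPROVED_APPS = {
    "APPROVED-CLIENT-ID-0001": "Data Loader",
    "APPROVED-CLIENT-ID-0002": "Reporting Connector",
}

# Constructed sample of app-authorization events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"user": "alice", "app_name": "Data Loader", "client_id": "APPROVED-CLIENT-ID-0001"},
    {"user": "bob", "app_name": "Helpdesk Ticket Tool", "client_id": "UNKNOWN-CLIENT-ID-0009"},
    {"user": "carol", "app_name": "Data  Loader.", "client_id": "UNKNOWN-CLIENT-ID-0007"},
    {"user": "dave", "app_name": "Calendar Sync", "client_id": "UNKNOWN-CLIENT-ID-0008"},
]


def normalize(name):
    """Lowercase and keep only letters/digits so spacing and punctuation tricks collapse."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


def lookalike_of(name, threshold=0.8):
    """Return the approved app name that this name imitates, or None."""
    candidate = normalize(name)
    for approved in APPROVED_APPS.values():
        if SequenceMatcher(None, candidate, normalize(approved)).ratio() >= threshold:
            return approved
    return None


def triage(events):
    """Return findings for authorizations of apps that are not on the allowlist."""
    findings = []
    for ev in events:
        if ev["client_id"] in APPROVED_APPS:
            continue  # identity is decided by client ID, never by display name
        imitated = lookalike_of(ev["app_name"])
        findings.append({
            "user": ev["user"],
            "app_name": ev["app_name"],
            "verdict": "lookalike" if imitated else "unapproved",
            "imitates": imitated,
        })
    # Lookalikes first: a familiar name on an unknown client ID is the pattern described above.
    return sorted(findings, key=lambda f: f["verdict"] != "lookalike")


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
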

By Kaan Demirel
Kaan Demirel is a 28-year-old gaming enthusiast residing in Ankara. After graduating from the Statistics department of METU, he completed his master's degree in computer science. Kaan has a particular interest in strategy and simulation games and spends his free time playing competitive games and continuously learning new things about technology and game development. He is also interested in electric vehicles and cyber security. He works as a content editor at NewsLinker, where he leverages his passion for technology and gaming.