"Hackers abuse modified Salesforce app to steal data, extort companies, Google says", June 4, 2025

Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google ...

The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have “proven particularly effective at tricking employees” into installing a modified version of Salesforce’s Data Loader... created by the hackers to emulate Data Loader.

If the employee installs the app, the hackers gain “significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,” the researchers said.

The access also frequently gives the hackers the ability to move throughout a customer’s network, enabling attacks on other cloud services and internal corporate networks...

Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as “The Com,” the researchers said.

A Google spokesperson told Reuters that roughly 20 organizations have been affected... A Salesforce spokesperson said there’s “no indication the issue described stems from any vulnerability inherent in our platform,” and described the calls as “targeted social engineering scams designed to exploit gaps in individual users’ cybersecurity awareness and best practices.”…