A hacking group posing as IT support staff has infiltrated the Salesforce systems of at least 20 companies across the US and Europe, according to a new report by Google’s threat intelligence team.
The cybercriminals, believed to be linked to a loosely connected collective known as “the Com,” exploited human error rather than software vulnerabilities, relying on social engineering techniques to gain access to sensitive corporate data. The group, which reportedly has ties to hackers based in the US, UK, and Western Europe, used phone calls to impersonate IT staff, duping employees into handing over login credentials or connecting rogue applications to their companies’ Salesforce platforms.
Once inside, the attackers exfiltrated data, often waiting months before contacting the victims with extortion demands. According to Google’s findings, the campaign did not exploit any technical flaws within Salesforce itself.
“There’s no indication the problem described stems from any vulnerability inherent to our companies,” a Salesforce spokesperson confirmed via email. “Assaults like voice phishing are focused social engineering scams designed to use gaps in particular person customers’ cybersecurity awareness and greatest practices.”
Salesforce previously issued a warning in March, highlighting the growing use of social engineering techniques aimed at compromising customer accounts. It also offered guidance to help organisations strengthen their defences.
While most of the recent intrusions have affected the retail sector, the group’s activities appear to extend across a wider range of industries. Notably, several major retailers — including Marks & Spencer, Co-op, Adidas, Victoria’s Secret, Cartier, and North Face — have suffered cyberattacks in recent weeks. However, Google acknowledged that there is not enough evidence to directly link the Com group to these specific incidents.
Austin Larsen, Principal Threat Analyst at Google’s Threat Analysis Group, said: “Whereas we’ve seen this group goal retail, they’ve additionally focused different industries and we would not have sufficient info to definitively hyperlink this group to the current hacks within the US and UK extra broadly.”
Google’s investigation also revealed that the perpetrators used infrastructure and techniques previously associated with members of the Com, including individuals believed to be part of the notorious Scattered Spider hacking collective. That group has been linked to numerous high-profile breaches recently and is known for impersonating IT personnel as part of its modus operandi. Some members are also believed to be involved in SIM-swapping schemes to steal cryptocurrency, often coordinating via social media platforms.
In light of the findings, Google has urged businesses to strengthen employee training and remain alert to the threat of social engineering, which continues to be a major vector for cyberattacks despite advances in technical security.
(With inputs from Bloomberg)