- Google experts warn of an ongoing vishing campaign
- Threat actors impersonate IT support and trick people into downloading malware
- They use fake Salesforce apps to steal data
About 20 companies lost their data when cyber criminals impersonated Salesforce and tricked them into downloading malicious software, experts have warned.
A new Google Threat Intelligence Group (GTIG) report has revealed how a threat actor tracked as UNC6040 has been targeting organizations in the West for months now.
The attackers phone businesses in hospitality, retail, education and other verticals, pretend to be IT support, and trick employees into downloading and installing a malicious version of Salesforce Data Loader, a client application used to import, export, update, delete or insert data in Salesforce. It is primarily used by administrators and developers to handle large volumes of data, and is managed through Salesforce.
“Significant capabilities”
By installing the malicious program, the victims gave UNC6040 “significant capabilities” to access, query and exfiltrate sensitive information directly from the compromised Salesforce customer environments, GTIG explained.
Google also said that months would pass between the time the attackers stole the data and the moment they reached out to try to extort the victim for money.
This, researchers speculate, could mean that one group does the stealing and another the negotiating. UNC6040 has claimed affiliation with groups such as ShinyHunters in the past and could be part of “The Com”, a large, loosely connected collective of cyber criminals.
Groups such as Scattered Spider are also part of this underground ecosystem.
Finally, Google emphasized that in all observed cases the attackers relied on manipulation and trickery, targeting people rather than systems.
No vulnerabilities in Salesforce were found or used in this campaign, so the best way to defend against this and similar campaigns is to educate employees about the dangers of phishing and its variants (smishing, vishing, quishing and others).



