- Scattered Lapsus $ Hunters launches data leakage space to push victims for ransom negotiations
- Attackers utilized Salesloft’s operation -App to access Salesforce -Kundetata, not Salesforce
- Victims include cloudflare, zscaler, durable; SALESFORCE denies platform comprois or active vulnerabilities
Scattered lapsus $ hunters, a team -up of notorious hacking groups scattered spider, lapsus $ and shiny hunters, apparently created an independent data leak and extortion to push his victims to pay their ransom.
Earlier in 2025, news broke out that attackers managed to break a third -party app – Salesloft’s operating integration – and steal OAuth and Refresh -Tokens. Then they used tokens to call the app customers’ Salesforce APIs and Exfiltrate data such as customer contact records, case objects and the like. Salesforce itself was not broken, but the data that hosted the clients was still fooled.
The list of affected organizations is quite extensive and includes a number of heavy meetings such as Cloudflare, Palo Alto Networks, Zscaler, Tenable and others.
“Not -lay incidents”
Now, threat actors are calling for victims to reach out and negotiate an appointment: “Contact us to regain control of data management and prevent the publication of your data,” the message said. “Don’t be the next headline. All communication requires strict verification and will be handled with estimates.”
Researchers fromTechcrunchIt claims to have seen since late last week, says the list on the site is missing out on a few names known to have been broken, and speculates that some of the companies may have already paid the demand for ransom.
However, the hackers did not deny – or confirmed – these speculation that said to the publication, “there are several other companies that have not been listed.”
Salesforce, on the other hand, does not seem to be limited by the new development, where a spokesman says: “Our findings show that these trials relate to past or non -built -in events, and we remain engaged with affected customers to provide support.”
“At this point, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
