Salesforce

A financially motivated threat actor group, UNC6040, has been targeting Salesforce customers through voice phishing (vishing). The group impersonates IT support personnel to trick employees into granting sensitive access or sharing credentials. This campaign has resulted in the compromise of organizational data and subsequent extortion attempts, posing a significant threat to the company's security and reputation.

Source: https://www.csoonline.com/article/4001744/hackers-use-vishing-to-breach-salesforce-customers-and-swipe-data.html

TPRM report: https://scoringcyber.rankiteo.com/company/salesforce

"id": "sal633060625",
"linkid": "salesforce",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Multinational corporations',
                        'location': 'English-speaking branches',
                        'name': 'Salesforce customers',
                        'type': 'Organizations'}],
 'attack_vector': 'Telephone-based social engineering',
 'description': 'A financially motivated threat actor, tracked as UNC6040, is '
                'conducting a vishing campaign to compromise organizational '
                'data of Salesforce customers and carry out subsequent '
                'extortion.',
 'initial_access_broker': {'entry_point': 'Telephone-based social engineering'},
 'motivation': 'Financial gain',
 'references': [{'source': 'Google Threat Intelligence Group (GTIG)'}],
 'threat_actor': 'UNC6040',
 'title': 'UNC6040 Vishing Campaign Targeting Salesforce Customers',
 'type': 'Vishing',
 'vulnerability_exploited': 'Human error and social engineering'}