A hacking group has been impersonating IT personnel to break into companies' Salesforce tools, using the access for data theft and extortion, according to a new report from Google's threat intelligence group.
The hackers, who have links to the Com, a loosely affiliated group of hackers largely based in the U.S., UK and Western Europe, successfully breached the networks of at least 20 companies in the U.S. and Europe, Google said.
They operate by calling up employees and pretending to be IT support personnel, convincing them to provide sensitive credentials and using those credentials to steal Salesforce data, Google said in the report published Wednesday. In some cases, the hacker was able to fool an employee into connecting a malicious app to their organization's Salesforce portal, allowing the hacker to steal Salesforce data.
Some victims didn't receive an extortion demand in exchange for the deletion of the data until months after it was stolen, according to the report. The hackers relied on manipulating their victims, not any vulnerability in Salesforce tools, Google said.
"There's no indication the issue described stems from any vulnerability inherent to our services," a Salesforce spokesperson said in an email. "Attacks like voice phishing are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices."
In a March
The hacking group used infrastructure and methods previously used by members of the Com, Google said. Members of the hacking group Scattered Spider, which was accused of a raft of high-profile attacks in recent years, many of which involved impersonating IT staff, have also been linked to the Com. The Com is made up mostly of young male SIM-swappers who organized on social media channels to steal cryptocurrency by taking control of victims' phone numbers.
Google urged companies to remain vigilant against so-called social engineering attacks.