FBI warns of SForce platform attacks by UNC6040 and UNC6395

The FBI has released a FLASH alert on the targeting of Salesforce platforms by the cybercriminal groups UNC6040 and UNC6395, which are responsible for a surge in data theft and extortion attempts. Click for indicators of compromise (IOCs) and protect your organization: https://lnkd.in/dtbqTUTw

🔒 Time to Re-Scrutinize Longstanding Platforms The FBI just issued an alert on Salesforce attacks (ic3.gov). It’s a reminder that even platforms we’ve trusted for years — and that are deeply embedded in business workflows — remain prime targets. Threat groups are exploiting social engineering, malicious “connected apps,” and OAuth tokens to bypass MFA and blend in as legitimate users. 👉 Key takeaway: longevity ≠ safety. Cyber teams should audit integrations, review connected apps, and tighten privileges on platforms that have become “too familiar.” How often does your org revisit trust in its oldest third-party tools? #cybersecurity #thirdpartyrisk #Salesforce #infosec

Salesforce has been a target as of late for exploitation. Threat actors target organizations across multiple verticals and seek to disrupt business continuity by targeting this application as it directly ties to sales.

The FBI has issued an urgent FLASH alert warning of increased targeting of Salesforce environments by advanced threat actors UNC6040 and UNC6395. These groups are actively exploiting misconfigurations to steal sensitive data and extort organizations — a serious risk to any business handling CUI or operating under DFARS/CMMC requirements. 🔍 Review Indicators of Compromise (IOCs) and FBI guidance here: 👉 https://lnkd.in/dtbqTUTw 📌 DIB Advisory: If your organization uses Salesforce, immediate review of access controls, API configurations, and third-party integrations is essential. Ensure you’re logging and monitoring platform activity and verifying MFA enforcement for all user accounts. 🔐 Stay audit-ready. Stay cyber-safe. #CMMC #DFARS #SalesforceSecurity #Cybersecurity #DIB #FBIFlash #UNC6040 #UNC6395 #Compliance #CUI #NIST800171

🔴 ***Important Read - Actionable IOCs*** Folks, we at the American Hospital Association publicly posted this bulletin shortly after it’s publication yesterday afternoon due to its importance. Voice social engineering, stolen tokens and compromised #artificial_intelligence and chat features of Salesforce, Salesloft Drift, a Salesloft company Vulnerabilities in commonly used artificial intelligence features and programs being exploited by very creative cyber adversaries, to gain broad network and data access. #Thirdpartyrisk from their third-party technology providers, combined with AI vulnerabilities. Very, very difficult to identify and defend against. Hang on folks, this is just the beginning. Insist on secure by design principles in all software applications and artificial intelligence. Focus on resiliency and recovery as well as defensive measures. #oneteamonefight #cybersecurity #healthcare FBI Cyber Division Cybersecurity and Infrastructure Security Agency National Security Agency Scott Gee

FBI Cyber Division Alert: threat actors are compromising Salesforce environments to steal data and extort victims. Techniques include vishing calls to help desks, malicious connected apps which bypass MFA, and stolen OAuth tokens from integrations such as Drift. Organizations using Salesforce should review the advisory, audit connected apps, rotate tokens if needed, enforce phishing-resistant MFA, and train call center teams. Full details: https://lnkd.in/e7pTMNcB Federal Bureau of Investigation (FBI) #FBICyber

Many companies use Salesforce as an integral part of our business and customer management processes. Please read the recent FBI FLASH alert on recent cyber threats targeting Salesforce platforms…

Well, this was already supposed to be taken advantage of in sometime in the future. But, this came really early. On another note, it's been a day of constant leaks (hinting China!), more sensitive news and some more insights on how cyber ops is changing drastically. The threat landscape is now more, ever, complex.

As a customer of vendor victims we have to be aware that threat actors gain insight into what entrerprise and government agency tech is being used internally. This gives them info on how to compromise the enterprise. 😡

Having the ability to determine Trustworthiness is key to avoiding harm. 100% agree with Johns message. The risk is real, proactive due diligence and readiness are critical success factors to avoid danger. CISA provides a webtool to help parties assess a suppliers adherence to CISA Secure by Design best practices and NIST Guidance to identify trustworthy products and vendors; https://lnkd.in/ecEJQkkJ Always ask a supplier to show you their CISA SAG Webtool report to know if they are following proper Secure by Design practices and guidelines.