#cyberNEWS FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks. The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. https://lnkd.in/drmNuCtH
SysBlue Cyber Solutions’ Post
-
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks https://ift.tt/eNVUM0s The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. UNC6395 is a via The Hacker News https://ift.tt/wxEetpM September 13, 2025 at 04:04AM
-
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks.
-
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. UNC6395 is a threat group that has been attributed a widespread data theft campaign targeting Salesforce instances in August 2025 by exploiting compromised OAuth tokens for the Salesloft Drift application. In an update issued this week, Salesloft said the attack was made possible due to the breach of its GitHub account from March through June 2025. https://lnkd.in/g-pnsPAC
-
The Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. UNC6395 is a threat group that has been attributed a widespread data theft campaign targeting Salesforce instances in August 2025 by exploiting compromised OAuth tokens for the Salesloft Drift application. In an update issued this week, Salesloft said the attack was made possible due to the breach of its GitHub account from March through June 2025. https://lnkd.in/e9W78jYW
-
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. https://lnkd.in/g-pnsPAC
-
The U.S. FBI issued a flash alert to warn of malicious activities carried out by two cybercriminal groups tracked as UNC6040 and UNC6395 which are increasingly targeting Salesforce platforms for data theft and extortion https://ow.ly/nF8050WXgoR
-
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. Read more | https://lnkd.in/dyZaAAxx
-
🚨 Data Breach Alert

A database containing 5 million Federal Public Finance user records has been reportedly exposed by a threat actor.

Compromised data fields include:
Last name, First name, Middle name, Full name, Gender, Birth date, Birth place, Birth country, Function, Number, Remark, Embargos, Type

This leak contains sensitive personal information and may be used for identity theft or financial fraud. This breach has not been independently verified.

For more info: https://darkgen.io

#CyberSecurity #DataBreach #FinancialData #OSINT #Infosec #PrivacyBreach #DarkWeb #ThreatIntel
-
Businesses can leverage digital footprints, such as device and behavioral intelligence, to combat evolving fraud tactics like phishing and cross-border schemes. By integrating global intelligence and multi-layered security strategies, companies can enhance fraud detection while maintaining a seamless customer experience. #fraud #frauddetection #fraudprevention
-
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks https://lnkd.in/gfUAa6eT The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. UNC6395 is a threat group that has been attributed a widespread data theft campaign targeting Salesforce instances in August 2025 by exploiting compromised OAuth tokens for the Salesloft Drift application. In an update issued this week, Salesloft said the attack was made possible due to the breach of its GitHub account from March through June 2025. As a result of the breach, Salesloft has isolated the Drift infrastructure and taken the artificial intelligence (AI) chatbot application offline. The company also said it's in the process of implementing new multi-factor authentication processes and GitHub hardening measures.