Hackers Using Fake IT Support Calls to Breach Corporate Systems, Google
hackread.com
A financially motivated group of hackers known as UNC6040 is using a surprisingly simple but effective tactic to breach enterprise environments: picking up the phone and pretending to be IT support, a technique known as voice phishing (vishing).
According to a new report from Google’s Threat Intelligence Group (GTIG), this actor has been impersonating internal tech staff in phone-based social engineering attacks. Their goal is to trick employees, mostly in English-speaking branches of multinational companies, into granting access to sensitive systems, particularly Salesforce, a widely used customer relationship management (CRM) platform.
What sets this group apart isn’t just their impersonation tactics, but their laser focus on data theft and extortion involving Salesforce environments.
How the Scam Works
UNC6040 doesn’t rely on exploits or security vulnerabilities. Instead, it counts on human error. The attackers call employees and walk them through approving a connected app inside Salesforce. But this isn’t ...
Copyright of this story solely belongs to hackread.com.