Salesforce platforms are being cracked open for data theft - FBI warns of UNC6040 and UNC6395 IOCs

• Two threat groups, UNC6040 and UNC6395, are actively targeting Salesforce accounts to steal sensitive data
• UNC6395 exploits integrations like the Salesloft Drift chatbot, while UNC6040 uses phone-based social engineering to impersonate IT staff and gain access
• The FBI warns that follow-up extortion attacks are often carried out by ShinyHunters, linked to Scattered Spider

Two separate threat actors are currently targeting organizations’ Salesforce accounts to steal sensitive data found within. This is according to the US Federal Bureau of Investigation (FBI), which recently issued a FLASH advisory to warn businesses about the ongoing threat.

"The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions," the agency said in its advisory.

"Both groups have recently been observed targeting ...