UNC6040 Vishing Threat ‘Particularly Effective’ at Tricking Employees Into Breaching Networks to Steal Salesforce Data

We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details.

Instances of Salesforce inside organizations have become targets of voice phishing (vishing) campaigns that aim to compromise large amounts of data and apply extortion tactics.

Known as UNC6040, the threat “has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements” over the past several months, according to Google Threat Intelligence Group (GTIG), which is tracking the vishing campaign.

UNC6040 “has proven particularly effective” in tricking employees into sharing sensitive credentials, ultimately resulting in the theft of an organization’s Salesforce data. The targets are often English-speaking branches of multinational corporations.

“In the past year, we’ve observed an uptick in the use of vishing for initial access ...