Warning: Crooks Are Using Vishing Attacks To Compromise Salesforce Instances
KnowBe4, Monday, June 9th, 2025
A criminal threat actor tracked as 'UNC6040' is using voice phishing (vishing) attacks to compromise organizations' Salesforce instances, according to researchers at Google's Threat Intelligence Group
After gaining access, the attackers exfiltrate the victim's data and hold it for ransom.
'Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements,' the researchers write.