Salesforce Users Hit in Google-Uncovered Attack Spree

A cybercrime group tracked as UNC6040 has targeted approximately 20 organizations through a series of social-engineering attacks exploiting Salesforce customer accounts, according to Google’s Threat Intelligence Group. The campaign involves tricking individuals into providing sensitive information, enabling attackers to gain unauthorized access to enterprise systems.

The attacks represent a growing trend in threat actors leveraging trusted platforms like Salesforce to bypass traditional security defenses. Google’s researchers said the victims were manipulated into handing over credentials or other access-enabling data, allowing UNC6040 to infiltrate business networks.

The incidents underscore the persistent risk posed by social-engineering techniques, which continue to be effective despite advances in cybersecurity tools. The use of a widely trusted platform suggests the attackers are refining their tactics to increase success rates and minimize detection.

Google’s Threat Intelligence Group is continuing to monitor the activity, warning that more organizations may be at risk if preventative measures are not strengthened across cloud-based services.