financetom
Technology
financetom
/
Technology
/
Hackers abuse modified Salesforce app to steal data, extort companies, Google says
News World Market Environment Technology Personal Finance Politics Retail Business Economy Cryptocurrency Forex Stocks Market Commodities
Hackers abuse modified Salesforce app to steal data, extort companies, Google says
Jun 4, 2025 7:22 AM

By AJ Vicens

June 4 (Reuters) - Hackers are tricking employees at

companies in Europe and the Americas into installing a modified

version of a Salesforce ( CRM )-related app, allowing the hackers to

steal reams of data, gain access to other corporate cloud

services and extort those companies, Google said on Wednesday.

The hackers - tracked by the Google Threat Intelligence

Group as UNC6040 - have "proven particularly effective at

tricking employees" into installing a modified version of

Salesforce's ( CRM ) Data Loader, a proprietary tool used to bulk import

data into Salesforce ( CRM ) environments, the researchers said.

The hackers use voice calls to trick employees into visiting

a purported Salesforce ( CRM ) connected app setup page to approve the

unauthorized, modified version of the app, created by the

hackers to emulate Data Loader.

If the employee installs the app, the hackers gain

"significant capabilities to access, query, and exfiltrate

sensitive information directly from the compromised Salesforce ( CRM )

customer environments," the researchers said.

The access also frequently gives the hackers the ability to

move throughout a customer's network, enabling attacks on other

cloud services and internal corporate networks.

Technical infrastructure tied to the campaign shares

characteristics with suspected ties to the broader and loosely

organized ecosystem known as "The Com," known for small,

disparate groups engaging in cybercriminal and sometimes violent

activity, the researchers said.

A Google spokesperson did not share additional

details about how many companies have been targeted as part of

the campaign, which has been observed over the past several

months.

A Salesforce ( CRM ) spokesperson told Reuters in an email that

"there's no indication the issue described stems from any

vulnerability inherent in our platform." The spokesperson said

the voice calls used to trick employees "are targeted social

engineering scams designed to exploit gaps in individual users'

cybersecurity awareness and best practices."

The spokesperson declined to share the specific number

of affected customers, but said that Salesforce ( CRM ) was "aware of

only a small subset of affected customers," and said it was "not

a widespread issue."

Salesforce ( CRM ) warned customers of voice phishing, or "vishing,"

attacks and of hackers abusing malicious, modified versions of

Data Loader in a March 2025 blog post.

Comments
Welcome to financetom comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Related Articles >
American Stocks Analysis
American Stocks Analysis
May 27, 2024
Adobes stock price (ADBE) fell in the intraday levels, trespassing the support of the 50-day SMA and exposing it to negative pressure, amid the dominance of the main downward trend, with negative signals from the RSI after managing to vent off oversold saturation. Therefore we expect more losses for the stock, targeting the pivotal support of $462.40, provided the resistance...
Update: Calm trades affected by the financial markets
Update: Calm trades affected by the financial markets
May 26, 2024
The major currencies pairs and commodities show weak trades since morning, affected by the financial markets holidays, to keep the suggested scenarios in our recent reports valid without any change, and we recommend to review them to check the expected targets and trends for the upcoming period. ...
Senior US Lawmaker Confirms Taiwan's Ordered Weapons Are On Their Way As China Escalates Military Tensions: 'I'd Like To See It Faster'
Senior US Lawmaker Confirms Taiwan's Ordered Weapons Are On Their Way As China Escalates Military Tensions: 'I'd Like To See It Faster'
May 27, 2024
A senior U.S. lawmaker has confirmed that the weapons Taiwan ordered are en route. This announcement comes in the wake of China’s recent military exercises, which have been described as “intimidating.” What Happened: Rep. Michael McCaul (R-Texas), revealed on Monday that the weapons Taiwan had procured are finally on their way. McCaul, who is the Republican chairman of the House Foreign...
China Slams US And Other G7 Countries For Hyping Up Trade Overcapacity: 'Attempts To Set Obstacles And Limitations'
China Slams US And Other G7 Countries For Hyping Up Trade Overcapacity: 'Attempts To Set Obstacles And Limitations'
May 27, 2024
China has responded to the Group of Seven (G-7) nations’ criticism of its trade practices, accusing them of exaggerating the issue of overcapacity. What Happened: The G-7 finance ministers and central bankers claimed on Saturday that China’s non-market policies harm global economies, Bloomberg reported on Monday. During a regular press briefing in Beijing on Monday, Chinese Foreign Ministry spokeswoman Mao...
Copyright 2023-2026 - www.financetom.com All Rights Reserved