[Alert] Protect Your Salesforce Data, FBI Warns of Targeted Attacks by Hacker Groups

Alert: The FBI has issued a warning about two hacker groups, UNC6040 and UNC6395, targeting Salesforce instances for data theft and extortion. These groups employ different tactics, including voice phishing and exploiting compromised OAuth tokens.

Impact: Falling victim to these attacks can result in unauthorized access to sensitive data, financial loss, and potential reputational damage. Hundreds of organizations are potentially affected, highlighting the widespread risk.

Action:

1. Educate Staff: Train customer-support and other relevant staff on recognizing and handling phishing attempts, especially voice phishing, to prevent credential exposure.
2. Monitor for Indicators of Compromise: Utilize the FBI's provided indicators to identify any signs of these specific threats within your Salesforce instances.
3. Review Access Permissions: Regularly audit and restrict access permissions to Salesforce instances, ensuring only necessary personnel have access.
4. Refresh OAuth Tokens: If you use integrated services like Salesloft Drift, revoke and refresh OAuth tokens to prevent unauthorized access.
5. Stay Informed: Keep abreast of alerts and updates from Salesforce and security agencies to promptly react to new threats and guidance.