The FBI has issued a warning about cybercriminal groups UNC6040 and UNC6395, which are increasingly involved in data theft and extortion activities. According to the agency, these groups have been targeting Salesforce platforms of various organizations through different techniques to gain unauthorized access.
UNC6040 reportedly uses voice phishing to initially access Salesforce accounts. Meanwhile, UNC6395 was identified in August as exploiting compromised access tokens for an AI chatbot that can be integrated with Salesforce systems. These actions have led to successful breaches and data exfiltration from affected victims.
To mitigate the risk of such cyber threats, the FBI has provided several recommendations. For further details on cybersecurity issues, John Riggi, the national advisor for cybersecurity and risk at the American Hospital Association (AHA), can be contacted at jriggi@aha.org. Additional resources and threat intelligence are available on the AHA's website at aha.org/cybersecurity.
Information from this article can be found here.
