Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records

Cybercriminals announced a massive data breach involving nearly 1 billion records from Salesforce, a leading cloud technology company. The hacker group, “Scattered LAPSUS$ Hunters,” claimed responsibility, stating that the records contain sensitive personal information.
Details of the Cyber Attack
The group has been linked to previous ransomware attacks targeting major British retailers, including:
- Marks & Spencer
- Co-op
- Jaguar Land Rover
Despite these claims, Salesforce denied that its systems had been compromised. A spokesperson stated that there is no evidence suggesting a breach of their platform or any known vulnerabilities.
Methodology of the Attack
One hacker, who went by the name Shiny, explained the group’s tactics. They did not directly breach Salesforce but rather used voice phishing, or “vishing.” This involves impersonating employees to trick IT help desks into providing access.
On October 3, the group published a leak site on the dark web, listing around 40 companies that it purportedly hacked. However, it remains unclear which of these companies are Salesforce clients.
Security Implications
Cybersecurity researchers have tracked the Scattered LAPSUS$ Hunters under the name “UNC6040.” They emphasized that the group effectively deceives employees into downloading harmful software, including a modified version of Salesforce’s Data Loader.
Law Enforcement Actions
In response to rising cyber threats, British police arrested four individuals under the age of 21 in July. This was part of an investigation into the significant disruptions caused by cyberattacks on UK retailers.
Neither Salesforce nor the hackers have confirmed whether ransom negotiations are ongoing. The incident highlights growing concerns over data security in the digital age.
El-Balad continues to monitor this evolving story for further developments.