Hackers pose as IT staff, steal Salesforce data from 20+ firms: Google
CALIFORNIA, UNITED STATES — A sophisticated hacking group with ties to a global cybercrime network has infiltrated at least 20 companies by impersonating IT support staff to steal Salesforce data, according to a new report from Google’s Threat Intelligence team.
The attackers, linked to the loosely organized “The Com” collective, rely on social engineering rather than software vulnerabilities, leaving businesses vulnerable to extortion and data breaches.
Social engineering tactics exploit human weaknesses
Google stresses in its report that the attacks happened due to people’s low awareness of cybersecurity, not because of any flaws in Salesforce. It was confirmed by Salesforce that the issues are related to vishing scams, which proves the significance of employee training.
However, a Salesforce spokesperson said in an email to Bloomberg, “There’s no indication the issue described stems from any vulnerability inherent to our services.”
“Attacks like voice phishing are targeted social engineering scams designed to exploit gaps in individual users’ cybersecurity awareness and best practices,” the spokesperson added.
At times, the victims weren’t aware they had suffered an attack until a long time later, when the attackers demanded payment to take their data away. The fact that the group delays extortion means they try to steal as much data as possible without being spotted.
Google warns that while retail has been a key target, no industry is immune, urging businesses to bolster defenses against social engineering attacks.
Links to ‘The Com’ and Scattered Spider cybercrime groups
The hackers’ methods and infrastructure align with those used by Scattered Spider, a subgroup within “The Com” collective, known for high-profile breaches involving IT impersonation and SIM-swapping.
Austin Larsen, a principal threat analyst at Google Threat Analyst Group, noted that while the group has targeted retail, evidence linking them to recent ransomware attacks remains inconclusive.
These incidents point to an increase in attacks that make use of simple methods and still cause a lot of harm that is why Google is urging companies to stay alert to so-called social engineering attacks.
Because of these recent incidents involving Adidas, Victoria’s Secret, and Cartier, experts believe that social engineering is still a big danger.
