Reuters was not able to verify the group’s claims. Salesforce said its systems were not hacked.
“At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a Salesforce spokesperson said.
One of the hackers, who identified themselves as Shiny, told Reuters in an email they did not directly hack Salesforce, but targeted Salesforce customers using “vishing,” or voice phishing, a form of social engineering attack in which hackers impersonate employees to IT help desks over the phone.
Scattered LAPSUS$ Hunters published a leak site on the dark web on Friday which listed around 40 other companies it said it had hacked. It was not clear if those companies were Salesforce clients. Both the hackers and Salesforce declined to say if they were negotiating a ransom.
In June, security researchers at Google’s Threat Intelligence Group said the group, which it tracks as “UNC6040,” had “proven particularly effective at tricking employees” into installing a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk import data into Salesforce environments.
Technical infrastructure tied to the hacking campaign shares characteristics with suspected ties to the broader and loosely organised ecosystem known as “The Com,” which is known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the Google researchers said.
In July, British police arrested four people under 21 as part of a police investigation into cyberattacks that disrupted operations at UK retailers.
Reporting by James Pearson; Editing by Sergio Non and Diane Craft