LONDON :Cybercriminals connected to a recent string of ransomware attacks on major British retailers said on Friday they had stolen almost 1 billion records from cloud technology giant Salesforce by focusing on companies that use its software.
A group calling itself “Scattered LAPSUS$ Hunters” told Reuters it had obtained the Salesforce records, and said they contain personally identifiable information. The group also claimed responsibility for the hacks of Marks & Spencer, Co-op and Jaguar Land Rover earlier this year.
Reuters was not able to verify the group’s claims. Salesforce said its systems were not hacked.
“At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a Salesforce spokesperson said.
One of the hackers, who identified themselves as Shiny, told Reuters in an email they did not directly hack Salesforce, but targeted Salesforce customers using “vishing,” or voice phishing, a form of social engineering attack in which hackers impersonate employees to IT help desks over the phone.
Scattered LAPSUS$ Hunters published a leak site on the darkweb on Friday which listed around 40 other companies it said it had hacked. It was not clear if those companies were Salesforce clients. Both the hackers and Salesforce declined to say if they were negotiating a ransom.
In June, security researchers at Google’s Threat Intelligence Group said the group, which it tracks as “UNC6040,” had “proven particularly effective at tricking employees” into installing a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk import data into Salesforce environments.
Technical infrastructure tied to the hacking campaign shares characteristics with suspected ties to the broader and loosely organised ecosystem known as “The Com,” which is known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the Google researchers said.
In July, British police arrested four people under 21 as part of a police investigation into cyberattacks that disrupted operations at UK retailers.
Source: CNA
