Category: Data Breach

  • One Breach, Many Victims: How the UNC6395 Attack Exposed the SaaS Supply Chain

    In the modern enterprise, third-party apps are the engines of productivity. We integrate them into our core platforms like Salesforce, granting them trusted access to our data to streamline workflows. But what happens when the keys to one of those trusted partners fall into the wrong hands?

    A threat actor tracked as UNC6395 recently provided a devastating answer. In a sophisticated supply chain attack that impacted over 700 organizations, the group compromised the Salesloft “Drift” integration, stealing its OAuth tokens. They then used these tokens to access the Salesforce environments of multiple downstream customers, exfiltrating data at scale. High-profile cybersecurity and tech companies, including Cloudflare, Zscaler, Palo Alto Networks, and SpyCloud, have all publicly confirmed being impacted by this widespread campaign.

  • From Vishing to Breach: Deconstructing the Salesforce Social Engineering Campaign

    The phone rings. The caller ID might be blocked, or it might be cleverly spoofed to look internal. On the other end is a polite, knowledgeable, and helpful person claiming to be from your IT department. They need your help to install a critical “Data Loader” utility or a system update in Salesforce. They sound legitimate. They sound urgent.

    This is the opening move of a sophisticated attack by a threat group tracked as UNC6040. In this threat briefing, we’ll dissect how this group turns a simple phone call into a full-scale CRM data breach, not by hacking Salesforce, but by hacking the trust of your employees.

    This isn’t a vulnerability in the Salesforce platform itself; it’s a clever abuse of the legitimate, trusted pathways that make the modern cloud ecosystem work.
