Google Suffers Data Breach at Hands of Notorious Hacking Group 'ShinyHunters'
Google has become the latest victim in a series of high-profile Salesforce CRM data theft attacks conducted by a notorious extortion group known as ShinyHunters. In a recent update to an article warning about ongoing Salesforce data theft attacks, Google revealed that it too fell victim to a breach in June. This disclosure comes amidst a wave of similar incidents targeting various companies, all orchestrated by the ShinyHunters threat actor group.
The tech giant's disclosure reveals that one of its corporate Salesforce instances was compromised in June, allowing the attackers to exfiltrate customer data during a brief window before access was cut off. The stolen data was reportedly limited to basic and largely public business information, such as company names and contact details.
Classified Threat Actors Behind the Attacks
Google has classified the threat actors behind these attacks as ‘UNC6040’ or ‘UNC6240.’ However, BleepingComputer, which has been closely monitoring the situation, has confirmed that ShinyHunters is responsible for the breaches.
A Long History of High-Profile Attacks
The notorious group has a long history of high-profile attacks, including those targeting PowerSchool, Oracle Cloud, Snowflake, AT&T, NitroPDF, Wattpad, MathWay, and many others. In a conversation with BleepingComputer, ShinyHunters claimed to have breached numerous Salesforce instances, with attacks still ongoing.
The threat actor even hinted at having compromised a trillion-dollar company, though it remains unclear if this refers to Google. The group's tactics involve voice phishing (vishing) social engineering attacks that trick employees into granting access to their companies' Salesforce instances.
The Modus Operandi: Voice Phishing and Social Engineering
Once inside, the attackers proceed to download customer data, which is then used to extort the targeted companies, demanding ransom payments to prevent the data from being publicly leaked. BleepingComputer has learned that one company has already paid four Bitcoins (approximately $400,000) to prevent the leak of their data.
Other high-profile victims include Adidas, Qantas, Allianz Life, Cisco, and LVMH subsidiaries such as Louis Vuitton, Dior, and Tiffany & Co. The sheer scale and audacity of these attacks serve as a stark reminder of the ongoing threat posed by groups like ShinyHunters.
Conclusion
Google's disclosure is just the latest in a series of high-profile data breaches attributed to ShinyHunters. As the threat landscape continues to evolve, it is essential for companies and individuals alike to remain vigilant and take proactive measures to protect themselves from these types of attacks.
Read more about this story at BleepingComputer.