Hackers Exploit Modified Salesforce App to Steal Data and Extort Firms, Google Warns
- tech360.tv
- Jun 5
Hackers are using a tampered version of a Salesforce-related app to steal sensitive data and extort companies across Europe and the Americas, according to Google.

The cybercriminal group, tracked by Google’s Threat Intelligence Group as UNC6040, has been targeting employees with a modified version of Salesforce’s Data Loader tool. The tool is typically used to bulk import data into Salesforce environments.
Google researchers said the hackers have been particularly effective at deceiving employees into installing the malicious app. They use voice calls to direct victims to a fake Salesforce connected app setup page, where the altered app mimics the legitimate Data Loader.
Once installed, the app gives hackers extensive access to query and extract sensitive data from compromised Salesforce environments. This access often allows them to infiltrate other cloud services and internal corporate networks.
Google said the technical infrastructure used in the campaign shows links to “The Com,” a loosely organised cybercriminal ecosystem known for both digital and violent activities.
A Google spokesperson said about 20 organisations have been affected by the UNC6040 campaign in recent months. Some of these organisations had data successfully exfiltrated.
Salesforce said the issue does not stem from any vulnerability in its platform. A spokesperson described the attacks as targeted social engineering scams that exploit gaps in individual users’ cybersecurity awareness.
Salesforce declined to specify how many customers were affected but said only a small subset had been impacted. The company previously warned customers in a March 2025 blog post about voice phishing, or “vishing,” attacks and the misuse of modified Data Loader tools.
- Hackers used a fake Salesforce app to steal data and extort companies
- Google identified the group as UNC6040, active in Europe and the Americas
- Attackers used voice calls to trick employees into installing the app
Source: REUTERS