A menace actor supposedly fashioned of members of identified hacking teams has claimed the theft of huge quantities of information from dozens of Salesforce clients.
Calling themselves Scattered LAPSUS$ Hunters, the miscreants seem like members of the infamous Lapsus$, Scattered Spider, and ShinyHunters teams.
Lapsus$ has been inactive since 2022, when Scattered Spider emerged. ShinyHunters first appeared in 2020 and joined forces with Scattered Spider earlier this yr. They collectively introduced their retirement final month.
On a brand new Tor-based leak web site, Scattered LAPSUS$ Hunters has listed 39 organizations focused of their latest Salesforce marketing campaign, claiming the theft of their knowledge from Salesforce cases and threatening to leak it until the CRM supplier pays a ransom.
The record contains identified manufacturers resembling Adidas, Air France/KLM, Allianz Life, Cisco, Dior, Disney, FedEx, Google, Dwelling Depot, Kering, Louis Vuitton, Qantas, Stellantis, Toyota, TransUnion, UPS, and Workday.
The hackers, who declare the theft of a complete of roughly 1 billion data from the affected organizations’ Salesforce cases, instructed DataBreaches that different companies have been hit as nicely, however aren’t listed on the location.
In a discover on its web site, Salesforce mentioned it had no indication that its platform may need been hacked, and that the group’s claims don’t seem associated to vulnerabilities in its platform.
“We’re conscious of latest extortion makes an attempt by menace actors, which now we have investigated in partnership with exterior specialists and authorities. Our findings point out these makes an attempt relate to previous or unsubstantiated incidents, and we stay engaged with affected clients to supply help,” Salesforce mentioned.
As AppOmni co-founder and CTO Brian Soby factors out, the Scattered Spider and ShinyHunters’ retirement was brief lived, because the group is not solely attempting to extort sufferer organizations, but in addition Salesforce.
“They declare they may collaborate with plaintiffs in ongoing lawsuits in opposition to Salesforce over latest breaches until Salesforce pays them straight,” Soby mentioned.
“This tactic is uncommon. To our information, it’s the first time an attacker has threatened to take part in or leverage present litigation in opposition to the seller of a compromised platform and its native security instruments as a part of an extortion marketing campaign,” he added.
Soby additionally identified that the hackers doubtless compromised the Salesforce cases utilizing social engineering and stolen credentials, which reveals that many organizations haven’t applied the mandatory instruments and practices to successfully meet their Shared Accountability obligations.
“What’s novel right here is the try to border alleged negligence not simply in opposition to clients, however in opposition to the seller and its native, first-party security instruments,” Soby added.
