Google confirms attack that hit more than 200 companies connected to Salesforce

Google confirmed this Friday (21) that a cyber attack exploited flaws in third-party integrations connected to Salesforce’s corporate environment and resulted in improper access to data from more than 200 companies.

The investigation is led by the Google Threat Intelligence Group, whose analyst Austin Larsen said he has identified hundreds of potentially compromised instances.

The attack did not originate in Salesforce's core platform, but in third-party applications that integrate with it. According to Google, the first target was Gainsight, a tool that acts as a systems connector and that ended up compromised after previous attacks against users of Salesloft, the company that operates Drift, a marketing tool based on automation and artificial intelligence.

The attack was claimed on Telegram by the Scattered Lapsus$ Hunters collective, which brings together groups already known in the hacker underground, such as ShinyHunters, Scattered Spider and Lapsus$. They claim to have been able to access data from companies such as Atlassian, DocuSign, GitLab, LinkedIn, F5, SonicWall, Thomson Reuters and Verizon.

Salesforce denied that the incident stemmed from a failure of its own and attributed the entire incident to compromised external applications. According to the company, there is no evidence that its infrastructure has been breached.

In addition to claiming the attack, Scattered Lapsus$ Hunters announced that it is preparing to launch a website to extort victims, a move similar to that adopted in October, when the same collective created a page dedicated to exposing stolen data linked to Salesloft to pressure companies into negotiating ransoms.


News Room USA | LNG in Northern BC