Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection.

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.

The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.

Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.

The researchers who uncovered the “very, very advanced adversary” behind the malware said it could be a big problem years into the future.

Experts say companies often struggle to manage the aftermath when they discover an employee’s true identity is not what it seemed.

The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment.

Salesloft said the AI chat agent for sales and leads will be taken offline, as investigations into the attack spree widen and reveal more victims.

Researchers said Google Workspace customers were hit, and noted other platforms are impacted as well. Fresh evidence proves impact was not limited to Salesforce, as Salesloft previously…