Researchers said Google Workspace customers were hit, and noted other platforms are impacted as well. Fresh evidence proves impact was not limited to Salesforce, as Salesloft previously…
A threat group Google tracks as UNC6395 systematically stole large amounts of data from Salesforce customer instances by using OAuth tokens stolen from Salesloft Drift, researchers said.
Attackers have already used the exploit dubbed “ToolShell” to break into hundreds of organizations globally, including private companies and government agencies.
Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.
The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded.
Russian President Vladimir Putin delivers a speech standing in front of the monument “Fatherland, Valor, Honor” outside of the Foreign Intelligence Service of the Russian Federation (SVR) in Moscow on June 30, 2022. (Photo by MIKHAIL METZEL/Sputnik/AFP via Getty Images)
They weren’t in any hurry, according to Citizen Lab, and used an interesting attack vector. Google Threat Intelligence Group also provided details on the attacks.
A Bank Sepah branch in Tehran, Iran in 2021. Iran-focused media outlets report Bank Sepah branches are closed after a cyberattack. (Photo by ATTA KENARE/AFP via Getty Images)
The attack introduces a clear cyber element with immediate consequences for the country’s critical infrastructure amid a growing conflict between Israel and Iran.