Google warns of social engineering campaign targeting Salesforce users

A recent report from Google's threat intelligence team reveals that a hacking group has successfully infiltrated the Salesforce systems of over 20 organizations in the United States and Europe. This group, linked to a loosely connected collective known as 'the Com,' has relied on social engineering techniques rather than exploiting software vulnerabilities to access sensitive corporate information. By impersonating IT support staff through phone calls, the attackers deceived employees into providing login credentials or integrating malicious applications into their Salesforce platforms. Once they gained access, the hackers exfiltrated data and sometimes waited for months before demanding ransom from their victims. Google's findings indicate that no technical flaws within Salesforce itself were exploited. A Salesforce representative confirmed, "There’s no indication the issue described stems from any vulnerability inherent to our services." They emphasized that attacks like voice phishing are targeted social engineering scams that take advantage of individual users' cybersecurity awareness gaps. Earlier this year, Salesforce had already issued a warning regarding the rising use of social engineering tactics aimed at compromising customer accounts, providing guidance to help organizations bolster their defenses. Although many of the recent attacks have impacted the retail sector, the group's activities are believed to span various industries. Major retailers such as Marks & Spencer, Co-op, Adidas, Victoria’s Secret, Cartier, and North Face have recently faced cyberattacks. However, Google noted insufficient evidence to directly connect the Com group to these specific incidents. Austin Larsen, Principal Threat Analyst at Google’s Threat Analysis Group, stated, "While we’ve seen this group target retail, they have also targeted other industries, and we do not have enough information to definitively link this group to the recent hacks in the US and UK more broadly." The investigation also uncovered that the perpetrators utilized infrastructure and methods previously associated with members of the notorious Scattered Spider hacking collective, known for impersonating IT personnel as part of their tactics. Some members are suspected of being involved in SIM-swapping schemes aimed at stealing cryptocurrency, often coordinating their efforts through social media. In light of these developments, Google is urging businesses to enhance employee training and remain vigilant against the persistent threat of social engineering, which continues to be a major vector for cyberattacks despite advancements in technical security.