The campaign is attributed to a threat group Google tracks as UNC6040, which, after breaching Salesforce, moves laterally across cloud services, targeting tools like Okta, Microsoft 365, and Workplace to widen the scope of the breach.
According to David Stuart, cybersecurity evangelist at Sentra, the theft of Google-hosted data makes sense. “This breach is the latest in a string of attacks targeting Salesforce environments, from Qantas to Pandora and now Google,” he said. “It’s a clear signal that attackers are focusing on where data is most concentrated, and often least visible — within cloud SaaS applications.”
Stolen data is publicly available: Google
According to the update, the breach is likely to have a minimal impact due to the nature of the stolen data. “The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details,” the update said.