Third-party IT support providers are likely to come under heightened scrutiny following a spate of cyberattacks in which hackers impersonated IT personnel to infiltrate multinational companies and steal sensitive data.
A new threat group, dubbed UNC6040, is reportedly targeting English-speaking multinational firms through highly coordinated voice phishing campaigns, according to a recent study by Google’s Threat Intelligence Group.
So far this year, the campaign has compromised at least 20 companies across industries such as hospitality, retail and education in both the Americas and Europe.
The hackers pose as IT support staff during phone calls with employees, convincing them to download a compromised version of Salesforce Data Loader — a legitimate data management tool.
Once installed, the tampered software grants the attackers access to corporate systems and critical information.
This method has sown mistrust within companies, as genuine IT support calls are increasingly being met with skepticism. The bigger concern, however, is that these attacks exploit human trust rather than technical vulnerabilities, making IT help desks an ideal entry point for social engineering tactics.
Salesforce has also confirmed instances of this malicious activity impacting its customers.
Industry analysts are urging multinational corporations to intensify employee training and awareness programs to safeguard the integrity of legitimate IT support operations.
UNC6040’s operations often remain undetected for extended periods. After exfiltrating data, the group reportedly collaborates with ransomware affiliates, who follow up with extortion calls, threatening to leak the stolen information unless a ransom is paid.
With tactics mirroring those used by notorious cybercrime syndicates like The Com and Scattered Spider, UNC6040’s campaign is being seen as a wake-up call for enterprises globally.




