
Salesforce has stated that it will not comply with an extortion request made by a criminal organization claiming to have acquired approximately 1 billion records from numerous Salesforce clients.
The group making the threats began its operation in May by contacting organizations that store information on the Salesforce platform, Google-owned Mandiant reported in June. The English-speaking callers presented a pretext that required the target to link an attacker-controlled application to their Salesforce portal. Remarkably, but not unexpectedly, many of the individuals who took the calls complied.
It’s turning into a significant issue
The group orchestrating the operation refers to itself as Scattered LAPSUS$ Hunters, a blend of three well-known data extortion groups: Scattered Spider, LAPSUS$, and ShinyHunters. Mandiant, on the other hand, tracks the group as UNC6040, because researchers have yet to definitively identify the affiliations.
Earlier this month, the group launched a website listing Toyota, FedEx, and 37 additional Salesforce customers whose information was compromised in the operation. Overall, the number of records retrieved, as claimed by Scattered LAPSUS$ Hunters, was “989.45m/~1B+.” The website urged Salesforce to start discussions regarding a ransom sum “or all your customers [sic] data will be exposed.” It further asserted: “No one else will need to pay us if you pay, Salesforce, Inc.” The website indicated that the deadline for payment was Friday.
In an email sent on Wednesday, a Salesforce spokesperson stated that the company is rejecting the demand.