🎧☁️ When the “help desk” helps itself. UNC6040’s phone-phishing swarm hijacks Salesforce via a doctored Data Loader — Google fingers 20+ victims (and counting).
Post-theft, they disappear, only to resurface months later with extortion demands — pivoting through other “trusted” tools like ConnectWise & Atera.
Dig into the playbook → https://blog.alphahunt.io/vishing-meets-cloud-unc6040s-abuse-of-salesforce-connected-apps-for-stealthy-data-exfiltration
#AlphaHunt #Vishing #Salesforce #CloudSecurity #CyberSecurity