Threat Research

    This FLASH is being issued to share Indicators of Compromise (IOCs) linked to recent malicious cyber activities carried out by cybercriminal groups UNC6040 and UNC6395. These groups are responsible for a growing number of data theft and extortion incidents and have recently been observed targeting organizations' Salesforce platforms through various initial access methods....
    The team identified threat actor activity exploiting the Salesloft-Drift integration to breach Salesforce instances. From August 8–18, 2025, compromised OAuth credentials were used to exfiltrate sensitive Salesforce data. The actor targeted objects like Account, Contact, Case, and Opportunity, and scanned for credentials post-exfiltration....