You’ve likely seen the news about the FBI seizing a portal used for widespread Salesforce attacks last week. The possibility of compromise does not end there, though.
The FBI has released multiple Indicators of Compromise (IoCs) to help organizations determine whether their Salesforce platform has been compromised. Threat actors designated as UNC6040 and UNC6395 have been using various methods to obtain initial access, including vishing and phishing attacks against organization help desks, and compromised authentication tokens from breached Salesforce-integrated applications.
See the FBI FLASH notification for the IP addresses and URLs associated with these two threat actors. It is strongly recommended that organizations check their environment for systems accessing these IoCs and investigate appropriately.
If you use the low-code solutions in Salesforce and find yourself with a complex organization and permission structure, consider having Raxis perform a Salesforce security audit on your organization to ensure you are keeping up with the latest security recommendations.