Articles

Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records; Company Denies Breach

A hacker collective calling itself “Scattered LAPSUS$ Hunters” claims to have stolen nearly 1 billion records linked to Salesforce, the global cloud software giant, by targeting companies that use its platform. The group—believed to be behind recent ransomware attacks on major U.K. retailers including Marks & Spencer, Co-op, and Jaguar Land Rover—told Reuters the stolen data contains personally identifiable information (PII).

Salesforce, however, firmly denied that its systems were compromised. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.

One hacker, identifying themselves as “Shiny,” told Reuters that the group did not directly hack Salesforce infrastructure but instead exploited its customers through “vishing”—a voice-phishing technique where attackers impersonate employees in calls to IT help desks to gain system access.

The group published a leak site on the dark web on Friday listing around 40 allegedly hacked companies, though it remains unclear how many are Salesforce clients. Both Salesforce and the hackers declined to confirm whether any ransom demands had been made.

In a June report, Google’s Threat Intelligence Group (TAG)—which tracks the hackers as “UNC6040”—said the group had been highly effective at deceiving employees into installing modified versions of Salesforce’s Data Loader, a proprietary tool used to import large volumes of customer data.

Google researchers also noted that the attackers’ infrastructure overlaps with an amorphous cybercriminal network known as “The Com”, a loosely connected ecosystem infamous for social engineering, ransomware, and even violent activity.

The claims come amid an ongoing U.K. police investigation into the earlier wave of cyberattacks that disrupted retail operations nationwide. In July, authorities arrested four individuals under 21 suspected of involvement in the breaches.

While Salesforce’s denial suggests its core systems remain intact, the episode underscores a growing cybersecurity challenge: attackers are increasingly bypassing well-secured platforms by manipulating the humans who use them.

As digital ecosystems become ever more interconnected, the breach—real or exaggerated—illustrates how even the most secure cloud providers can be dragged into the fallout of their customers’ weakest link: trust.

UK Police Arrest Man Over Cyberattack That Disrupted European Airports

British police have arrested a man in connection with a ransomware attack on Collins Aerospace, a unit of RTX, that disrupted check-in systems at several European airports and caused widespread travel chaos.

The National Crime Agency (NCA) said the suspect, a man in his 40s, was detained on Tuesday on suspicion of violating the Computer Misuse Act. He has since been released on conditional bail.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said NCA Deputy Director Paul Foster.

Authorities have not yet identified which criminal group was behind the hack. Unlike many ransomware gangs that typically publicize their attacks and leak stolen data on dark web sites, monitoring groups said no organization has yet claimed responsibility for the Collins Aerospace breach.

Ransomware attacks involve malicious software that encrypts a company’s data, with criminals demanding payment to unlock it. Such groups usually try to avoid targets likely to draw heavy law enforcement attention.

The Collins Aerospace hack is the latest in a series of cyberattacks in Europe that have triggered serious offline disruptions. Jaguar Land Rover, Britain’s largest carmaker and owned by Tata Motors, announced this week it would extend factory shutdowns until October 1 after a separate hack left operations paralyzed.

Berlin airport, one of several affected by the Collins Aerospace incident, warned it could take several more days before secure and fully functional systems are restored.

North Korean Hackers Using Fake Job Offers to Steal Cryptocurrency, Research Shows

North Korean hackers are increasingly impersonating recruiters to steal cryptocurrency, saturating the industry with convincing fake job offers, according to new research and interviews conducted by Reuters. The cyber campaign, dubbed “Contagious Interview” by cybersecurity firms, has grown so pervasive that many applicants now screen recruiters to ensure they are not acting on behalf of Pyongyang.

Experts say North Korea stole at least $1.34 billion in cryptocurrency last year, funding its sanctioned weapons program. The FBI has previously warned that Pyongyang was “aggressively” targeting the crypto industry with elaborate social engineering schemes.

The scams typically begin on LinkedIn or Telegram, with a recruiter offering a role at a major blockchain or crypto firm. Applicants are then directed to obscure websites to complete a skills test or record a video—sometimes requiring them to download malicious code. In one case, a U.S. product manager lost $1,000 in ether and Solana after sending a video to a fake recruiter impersonating Ripple Labs. Others, like consultant Ben Humbert, cut off conversations after being asked to complete “virtual interviews” through suspicious links.

Companies such as Robinhood and Kraken have acknowledged being impersonated. Robinhood said it acted to disable fake web domains linked to the scam. LinkedIn and Telegram confirmed that the fraudulent accounts identified by Reuters had been removed. Still, security experts say the impersonations are difficult to police, as “anybody out there can say they’re a recruiter,” noted Nick Percoco, Kraken’s chief security officer.

Research by SentinelOne and Validin found exposed hacker log files containing details of more than 230 targeted individuals—ranging from coders and consultants to executives—between January and March. Analysts linked the activity to North Korea based on IP addresses and emails tied to previous state-backed hacks.

Although only a fraction of North Korea’s overall crypto theft efforts, experts warn the campaign is highly organized and rapidly evolving. “It’s scary how far they’ve come,” said Carlos Yanez of Global Ledger, one of the recent targets.

North Korea’s mission to the United Nations did not respond to Reuters’ request for comment, though Pyongyang routinely denies involvement in cryptocurrency theft.