Attackers may have claimed a Google breach, too: GTIG had also disclosed extortion activities related to UNC6040 intrusions, sometimes carried out several months after the initial data theft, by another threat group, UNC6240, which identified themselves as the notorious BreachForums admin ‘ShinyHunters’.At the time, the GTIG team had presumed the claim to be a stunt to put pressure on victims for speeding up payments, which were to be made in bitcoins within 72 hours.While the attribution hasn’t been confirmed yet, a BleepingComputer report says it had a conversation with ShinyHunters on Monday, August 5, who claimed to have breached many Salesforce instances in an ongoing attack, including a trillion-dollar company, without confirming it to be Google. ShinyHunters also reportedly told BleepingComputers of their ‘just leaking the data’ plans for data stolen from this company.This revelation is particularly interesting given reports of an alleged arrest of ShinyHunters, along with four other BreachForums admins, including IntelBroker, by the French Police in mid-June.Concerns are likely to escalate if ShinyHunters are indeed behind these attacks. The former admin of the infamous BreachForums hack site has long been a fixture in the cyberthreat landscape. Among the group’s most high-profile claims are breaches involving PowerSchool, Oracle Cloud, Snowflake data-theft attacks, AT&T, and Microsoft’s private GitHub repositories.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4035701/we-too-were-breached-says-google-months-after-revealing-salesforce-attacks.html
