Background on the Threat Actors
Google has reported that a group of cybercriminals gained access to information stored in a Salesforce database that was hacked in June. This breach compromises 2.5 billion email addresses, putting users of Gmail at risk.
Who are UNC6040 and ShinyHunters?
UNC6040 is a threat group associated with ShinyHunters, known for their ‘vishing’ (voice phishing) campaigns. They impersonate technical support personnel to deceive employees of multinational corporations, gaining access to their Salesforce instances. Later, they extort these employees.
Impact on Google and Gmail Users
In early August, Google’s threat intelligence team identified UNC6040’s activities. The cybercriminals targeted Google as well, accessing a database with small and medium enterprise information stored in Salesforce in June.
Initially, Google stated that no sensitive data like passwords was compromised. Instead, only basic contact and business information was stolen, some of which was already publicly available.
Consequences for Gmail Users
Despite the limited nature of the stolen data, it has put over 2.5 billion Gmail users at risk. Cybercriminals are using this information to launch phishing attempts, impersonating Google employees and warning of security breaches or the need to log into accounts.
Key Questions and Answers
- What information was compromised? The breach exposed basic contact and business information of small and medium enterprises, though no sensitive data like passwords was stolen.
- Who are the threat actors? UNC6040 is a group associated with ShinyHunters, known for their ‘vishing’ campaigns and impersonating technical support personnel to gain access to corporate systems.
- How many Gmail users are affected? Over 2.5 billion Gmail users could be impacted by phishing attempts using the stolen information.
- What should users do to protect themselves? Be cautious of unsolicited emails claiming to be from Google, and never share sensitive information or log into accounts through links provided in such emails.
