Google Warns Salesforce Data Of Companies Being Stolen By Hackers: At Least 20 Organizations Impacted So Far

The search giant noted that hackers are targeting English-speaking branches of multinational companies, tricking employees into sharing credentials that grant them access to company data stored on the Salesforce cloud.
The Salesforce company logo is seen displayed on a smartphone screen. (Photo Illustration by Piotr Swat/SOPA Images/LightRocket via Getty Images)
Rounak Jain·Stocktwits
Updated Jul 02, 2025 | 8:31 PM GMT-04

Google’s security research team, known as the Threat Intelligence Group, has warned that hackers are impersonating information technology (IT) staff to steal data that companies store in Salesforce Inc. (CRM).

Salesforce shares were down 0.78% at the time of writing.

The research team revealed that it is tracking a “financially motivated threat cluster,” named UNC6040, that specializes in voice phishing (vishing) campaigns.

The team said these hackers are specifically targeting the Salesforce instances of companies for large-scale data theft and extortion.

These hackers are taking aim at English-speaking branches of multinational companies and tricking employees into sharing credentials that give them access to company data stored on the Salesforce cloud.

“A prevalent tactic in UNC6040's operations involves deceiving victims into authorizing a malicious connected app to their organization's Salesforce portal. This application is often a modified version of Salesforce’s Data Loader, not authorized by Salesforce,” the team explained.

A Bloomberg report said the group has identified at least 20 organizations as the victims of the vishing scheme.

The research group also observed that these hackers sometimes don’t extort their targets for several months after the initial intrusion. The researchers pointed out that this could mean the hackers have monetized the stolen data.

This comes after several retailers reported being hacked over the past few months. Some of the more recent victims include Marks & Spencer Group Plc., Victoria’s Secret & Co. (VSCO), and Adidas AG, among others.

However, Google’s report has not specifically identified victims yet.

“Given the extended time frame between initial compromise and extortion, it is possible that multiple victim organizations and potentially downstream victims could face extortion demands in the coming weeks or months,” it added.

Salesforce stock has declined over 21% year-to-date, but it is up nearly 12% over the past 12 months.

For updates and corrections, email newsroom[at]stocktwits[dot]com.
