    FBI Sounds Alarm over UNC6040 & UNC6395 Exploits of Salesforce via OAuth Breaches and Vishing

    Updated: December 25, 2025

    The FBI has issued a flash alert warning that two cybercriminal threat clusters—UNC6040 and UNC6395—are actively targeting organizations using Salesforce platforms, carrying out data theft and extortion attacks. UNC6395’s attacks in August 2025 stemmed from a breach of Salesloft’s GitHub account between March and June; this breach allowed attackers to steal OAuth tokens associated with the Salesloft Drift AI chatbot app, which were then used to access numerous Salesforce instances to exfiltrate sensitive data such as AWS keys, passwords, and Snowflake tokens. 

    Sources: Hacker News, Internet Crime Complaint Center

    Key Takeaways

    – OAuth & Third-Party App Risk: Integrations like Salesloft Drift that link to Salesforce via OAuth are being exploited; stolen tokens allow attackers to bypass many protections and gain access to customer data across multiple customers.

    – Social Engineering & Vishing Over Technical Exploits: These campaigns (especially by UNC6040) lean heavily on voice phishing, deceptive connected app authorizations, and impersonation rather than zero-day vulnerabilities, underlining that human-factor risks are still major.

    – Supply Chain & Credential Management Must Be Prioritized: Compromise of platforms like GitHub (in the case of Salesloft) or misconfigured connected apps magnify risk; organizations need tighter controls over credentials, external integrations, MFA, and least-privilege practices.

    In-Depth

    In recent months, the security landscape has seen alarming developments involving two threat clusters—UNC6040 and UNC6395—targeting Salesforce platforms via sophisticated, yet fundamentally social engineering-driven methods. The FBI’s flash alert makes clear that while technical vulnerabilities are part of the picture, attacks are being largely enabled by human trust and misconfigurations, especially in how connected apps and OAuth tokens are managed.

    UNC6395 first entered the stage in August 2025 with a breach rooted in a compromised GitHub account owned by Salesloft. Between March and June, attackers accessed multiple repositories, added guest users, and established workflows—activities that remained under the radar for months. With those footholds, they were able to grab OAuth tokens tied to the Salesloft Drift AI chatbot app. These tokens enabled access to Salesforce instances; attackers ran SOQL queries, exfiltrated data including sensitive credentials (AWS keys, passwords, Snowflake tokens), and deleted query jobs to avoid detection. 

    In response, Salesloft and Salesforce revoked the active tokens, removed the Drift app from the AppExchange, and urged customers to treat all integrations and credentials tied to Drift as potentially compromised.

    UNC6040, active since approximately October 2024, is using voice phishing (vishing) and deceptive practices to trick employees—often in customer support or admin roles—into authorizing connected apps. One common approach involves guiding them during a vishing call to Salesforce’s connected apps setup pages, where they approve a malicious app (often a modified version of the Data Loader). That approval grants API-level access, allowing bulk data exfiltration via API queries. 

    Because the system treats the connected app as “trusted” once it is approved, traditional security barriers such as MFA, password resets, and login monitoring are often evaded. After data theft, some victims are extorted: attackers may threaten to leak or expose data, sometimes leveraging association with known groups like ShinyHunters to increase pressure.

    What both campaigns underscore is that even well-designed platforms like Salesforce, which may be secure from a technical standpoint, can still be compromised via poor integration management, lax credential protection, or weak monitoring. The attack vectors involve no inherent vulnerability in Salesforce, but rather exploitation of how external apps are connected and how human trust is leveraged. For defenders, the imperative is clear: audit all third-party integrations (especially those using OAuth), ensure strict least privilege and role separation, rotate and revoke credentials and tokens proactively, enable strong MFA for both platform and source repositories (e.g. GitHub), monitor for unexpected workflow changes or new external users, and train staff and call-handling personnel to recognize vishing or unusual authorization requests.
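As an added illustration (not from the FBI alert or any vendor), the sketch below applies the monitoring advice above to connected-app activity: it flags apps outside an approved list, bulk API exports, and query jobs deleted after querying. The event records, field names, app names, and threshold are constructed assumptions, not a Salesforce log schema.

```python
from collections import defaultdict

# Constructed sample events. Field names ("app", "user", "action", "rows")
# are hypothetical and would be mapped from whatever audit export you have.
EVENTS = [
    {"app": "Corp Data Loader", "user": "etl@example.com", "action": "oauth_authorize", "rows": 0},
    {"app": "Corp Data Loader", "user": "etl@example.com", "action": "api_query", "rows": 1200},
    # App approved by a support user during a call, never reviewed by security.
    {"app": "Ticket Helper", "user": "support1@example.com", "action": "oauth_authorize", "rows": 0},
    {"app": "Ticket Helper", "user": "support1@example.com", "action": "api_query", "rows": 30000},
    {"app": "Ticket Helper", "user": "support1@example.com", "action": "api_query", "rows": 40000},
    # Approved integration whose token behaves abnormally (stolen-token case).
    {"app": "Chat Integration", "user": "svc-chat@example.com", "action": "api_query", "rows": 90000},
    {"app": "Chat Integration", "user": "svc-chat@example.com", "action": "delete_query_job", "rows": 0},
]

APPROVED_APPS = {"Corp Data Loader", "Chat Integration"}  # assumed allowlist
BULK_ROW_THRESHOLD = 50_000  # assumed cumulative row limit per app/user pair


def audit(events, approved=APPROVED_APPS, threshold=BULK_ROW_THRESHOLD):
    """Return {(app, user): sorted findings} for suspicious connected-app use."""
    rows = defaultdict(int)      # cumulative rows returned per (app, user)
    queried = set()              # pairs that have issued at least one query
    findings = defaultdict(set)
    for event in events:
        key = (event["app"], event["user"])
        # Any activity from an app nobody reviewed is worth a look,
        # including the authorization itself.
        if event["app"] not in approved:
            findings[key].add("unapproved_app")
        if event["action"] == "api_query":
            rows[key] += event["rows"]
            queried.add(key)
            if rows[key] >= threshold:
                findings[key].add("bulk_export")
        elif event["action"] == "delete_query_job" and key in queried:
            # Deleting jobs after querying matches the cleanup described above.
            findings[key].add("query_job_deleted_after_query")
    return {key: sorted(tags) for key, tags in findings.items()}


if __name__ == "__main__":
    for (app, user), tags in audit(EVENTS).items():
        print(f"{app} / {user}: {', '.join(tags)}")
```

An allowlist alone would miss the third case, since the integration is approved; the volume and job-deletion checks are what surface a stolen token used through a legitimate app.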

    As these threat actors evolve, organizations must operate under the assumption that silence from a group or a pause in activity doesn’t mean the threat is gone—only that it may be changing tactics.
