Home > Data Breach News
25 views 45 secs 0 comments

FBI FLASH: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion

In Data Breach News, Vendor News, Vulnerabilities
September 13, 2025

The FBI has issued an alert, FLASH-20250912-001.

Summary

The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms. The FBI is releasing this information to maximize awareness and provide IOCs that may be used by recipients for research and network defense.

FBI FLASH 250912Download

Related Post
Gucci, Balenciaga, Brioni, and Alexander McQueen allegedly hit by Salesforce attacks
Gucci, Balenciaga, Brioni, and Alexander McQueen allegedly hit by Salesforce attacks
September, 2025
Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack
September, 2025
HHS Releases Updated Security Risk Assessment Tool
HHS Releases Updated Security Risk Assessment Tool
September, 2025
Department of War Announces the Final Defense Federal Acquisition Regulation Supplement Rule Implementing the Cybersecurity Maturity Model Certification Program
September, 2025