In a bit of irony, Google has been hacked by the “ShinyHunter” gang—weeks after it warned that the group was on a hacking spree.
The group accessed a Google corporate account with Salesforce, which supplies customer relationship management services. However, the breach seems to be isolated to small and medium businesses rather than everyday internet users.
“The [Salesforce] instance was used to store contact information and related notes for small and medium businesses,” Google says. “The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”
In addition, the hackers were only able to access the data “during a small window of time before the access was cut off,” according to Google.
The company hasn’t provided more details, including the number of affected businesses. But ShinyHunters likely pulled off the breach through “voice phishing,” which involves a hacker pretending to be a customer support agent and tricking the victim into handing over a password or installing a malicious application.
In June, Google’s Threat Intelligence team published a post warning that a hacking group claiming ties to ShinyHunters had been using voice phishing to manipulate victims into installing a malicious app that connected to their Salesforce portal.
“Over the past several months, UNC6040 (ShinyHunters) has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements,” Google added. “This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations.”
Recommended by Our Editors
The tactics are similar to another hacking group, Scattered Spider, which has used voice phishing to target various industries, including airlines. Security researchers suspect the two groups might have overlapping membership or could be simply targeting the same industries, making attribution harder, according to BleepingComputer.
In either case, both groups focus on stealing confidential data with the goal of extorting victims through a ransom. However, Scattered Spider has been known to deploy ransomware after breaching a company’s network, according to US cyber authorities.
How to Use Google’s Veo 3 AI Video Generator
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Michael Kan
Senior Reporter
