Hackers behind the devastating cyber attacks on Marks & Spencer and Jaguar earlier this year claim that 1 billion customer records have stolen from 39 large companies.
The group, named Plastic Lapsus $ Hunters – Spreading Spider Alliance, Lapsus $ and Shinyhunters – goes to their name, the deadline for October 10 to pay ransom or otherwise.
According to cyber criminals, companies were affected, including Disney, Fedex, Google, IKEA, McDonald, Toyota and Qantas Airways.
The data is derived from hosted by Salesforce, and hackers claim that the software giant has been “criminal negligence” by preventing insults.
Salesforce claims that its platform is not compromised and violates social engineering attacks on solitary confirms using its own platforms rather than technical vulnerabilities.
“We are aware of the recent efforts by the threat actors, which we have investigated with the cooperation of experts and foreign officials,” the company said. IndependentHuman
“Our findings suggest that these efforts are related to past or unproven events, and we are involved with damaged customers to support them. At this time, there is no sign that the Salesforce platform is compromised, and this activity is not related to our well -known vulnerability in our technology.”
Social engineering attacks include deceiving people in a company or organization to reveal confidential information such as access to the system to computing systems.
They can include phone calls or emails related to IT support, which manipulate the target in the distribution of sensitive information.
Get 64 % off the vpn proton
Servers over 120 countries around the world
Connect the maximum of 10 devices
A 30 -day return guarantee of money
Get the transaction
Advertising If you sign up for this service, we will obtain a commission. This revenue contributes to the funding of journalism throughout independent.
Get 64 % off the vpn proton
Servers over 120 countries around the world
Connect the maximum of 10 devices
A 30 -day return guarantee of money
Get the transaction
Advertising If you sign up for this service, we will obtain a commission. This revenue contributes to the funding of journalism throughout independent.
The Hacking Group shared what claimed to be an example of the data stolen on its telegram page and gathered it during a monthly social engineering campaign against companies.
Google, one of the victims, explained the method of the attack in a detailed blog post in August.
“Over the past few months, [the hacking group] It supports IT personnel that supports staff repeatedly violating network violations using its operators to support personnel to support telephone -based social engineering conflicts. “
“This approach, especially in the deceit of employees, has often been effective in the English -speaking branches of multinational companies, with actions that access to attackers or lead to sensitive credit sharing, eventually leading to the stealing of the organization’s SalesForce data.”
Spreading spider hackers came to a highlight after a series of high -profile attacks on telecommunications companies in 2022 before focusing on other industries with finance, game, hospitality and retail.
It is estimated that they have imported hundreds of millions of pounds worth the victims, including M&S and a cooperative in the UK.
A profile produced by the S-RM Cyber Security Consultant described them as “a set of predominantly native English-speaking criminals-some of the 16 years of age-who appeared in a set of underground hacking groups”.
Report, shared IndependentIt also noted that the group “can convince Helpdesk employees to quickly regulate employee accounts,” while also violating network access information from basic access agents on the dark web.
