What's Happening?
A supply chain attack campaign targeting Salesforce data via the Salesloft Drift app has been found to affect a small number of Google Workspace accounts. The attack involved the theft of OAuth tokens, compromising Salesforce instances and potentially affecting hundreds of organizations. Security vendor Astrix identified new indicators of compromise linked to the campaign, urging organizations to review and secure their third-party integrations.
Why It's Important?
This attack highlights the vulnerabilities in cloud-based integrations and the potential risks to sensitive corporate data. The compromise of OAuth tokens underscores the need for robust security measures and vigilant monitoring of third-party applications. Organizations using Salesforce and Google Workspace must take immediate action to secure their systems and prevent unauthorized access. The incident serves as a reminder of the importance of cybersecurity in protecting business operations and data integrity.
