Austin Larsen
@austinlarsen.bsky.social
⚠️ Google Threat Intelligence Group (GTIG) is tracking a widespread data theft campaign by UNC6395 targeting instances via compromised Salesloft Drift OAuth tokens.
The actor's primary goal is harvesting credentials (AWS keys, passwords, etc) from exfiltrated data.
The actor's primary goal is harvesting credentials (AWS keys, passwords, etc) from exfiltrated data.
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift | Google Cloud Blog
A widespread data theft campaign targeting Salesforce instances via the Salesloft Drift third-party application.
cloud.google.com
August 26, 2025 at 4:49 PM
⚠️ Google Threat Intelligence Group (GTIG) is tracking a widespread data theft campaign by UNC6395 targeting instances via compromised Salesloft Drift OAuth tokens.
The actor's primary goal is harvesting credentials (AWS keys, passwords, etc) from exfiltrated data.
The actor's primary goal is harvesting credentials (AWS keys, passwords, etc) from exfiltrated data.