FBI warns of cyber criminals targeting Salesforce platforms

Sep 12, 2025 - 04:03 PM
Cybersecurity Lock on Gold Wall

The FBI Sept. 12 released an alert warning of malicious activities by cybercriminal groups UNC6040 and UNC6395, which the agency said are responsible for an increasing number of data theft and extortion intrusions. The FBI said the groups have recently been observed targeting organizations’ Salesforce platforms using different methods to obtain account access. UNC6040 has been known to obtain initial access to Salesforce accounts through voice phishing. The FBI said UNC6395 in August was found to have exploited compromised access tokens for an artificial intelligence chatbot that can be integrated with Salesforce. The threat actors successfully compromised victims and exfiltrated data.

The FBI included a series of recommendations to help reduce the risk of compromise from cyber actors. For more information on this or other cyber and risk issues, contact John Riggi, AHA national advisor for cybersecurity and risk, at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations
Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code…
Headline
CISA announces initiative to bolster critical infrastructure against nation-state cyberattacks
The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive…
Headline
Webinar to explore AI use in cybersecurity, health care technology 
John Riggi, AHA national advisor for cybersecurity and risk, will moderate a webinar May 5 at 1 p.m. ET that will explore how bad actors are leveraging…
Headline
AHA, Joint Commission announce cybersecurity readiness effort 
The AHA and Joint Commission May 4 announced the launch of the Cyber Resilience Readiness program, an initiative to help hospitals and health systems assess…
Headline
Agencies issue guidance on adopting agentic AI systems
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international partners have released guidance on adopting agentic artificial…
Headline
Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity
A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…