ISC2 RVA News

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

ISC2 Admin — Mon, 15 Sep 2025 21:00:23 GMT

The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for orchestrating a string of data theft and extortion attacks.

UNC6395 is a threat group that has been attributed a widespread data theft campaign targeting Salesforce instances in August 2025 by exploiting compromised OAuth tokens for the Salesloft Drift application. In an update issued this week, Salesloft said the attack was made possible due to the breach of its GitHub account from March through June 2025.

The second group the FBI has called attention to is UNC6040. Assessed to be active since October 2024, UNC6040 is the name assigned by Google to a financially motivated threat cluster that has engaged in vishing campaigns to obtain initial access and hijack Salesforce instances for large-scale data theft and extortion.

These attacks have involved the use of a modified version of Salesforce's Data Loader application and custom Python scripts to breach victims' Salesforce portals and exfiltrate valuable data. At least some of the incidents have involved extortion activities following UNC6040 intrusions, with them taking place months after the initial data theft

ISC2 Pledges One Million FREE ISC2 Certified in Cybersecurity℠ Courses and Exams

ISC2 Admin — Sun, 09 Jun 2024 14:30:00 GMT

ISC2 Pledges One Million FREE ISC2 Certified in Cybersecurity℠ Courses and Exams

See yourself in cybersecurity. You don’t need experience — just the passion and drive to enter a demanding and rewarding field, one that opens limitless opportunities worldwide.

As part of our commitment to help close the cybersecurity workforce gap and diversify those working in the field, ISC2 is offering FREE Certified in Cybersecurity (CC) Online Self-Paced Training and exams to one million people.

Advancing DEI in Cybersecurity

To encourage diversity, equity and inclusion in the workforce, ISC2 will work closely with partner organizations as part of this program to reach populations underrepresented in cybersecurity. We’ve pledged half of the commitment – 500,000 course enrollments and exams – to this effort. Organizations serving these groups and willing to partner with us in this DEI effort can contact us at inclusion@isc2.org.

Start Your Journey

To participate in the One Million Certified in Cybersecurity program, please follow these simple steps:

1. Create an account. If you already have an ISC2 account, sign in.

2. Complete your ISC2 Candidate application form and select Certified in Cybersecurity as your certification of interest.

3. Once the application is complete, you’ll become an ISC2 Candidate. It’s free to join and you’ll gain access to Official ISC2 Certified in Cybersecurity Online Self-Paced Training and a code to register for the free certification exam. You will find your access on the Candidate Benefits page. Annual dues of U.S. $50 will be due at the end of your first year of ISC2 Candidate status.

4. Upon passing the exam, completion of the application form and payment of your $50 AMF, you’ll become a certified member of ISC2 – the world’s largest association of certified cybersecurity professionals – with access to a broad range of professional development resources to help you throughout your career.

ISC2 RVA News

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

ISC2 Pledges One Million FREE ISC2 Certified in Cybersecurity℠ Courses and Exams

CROWDSTRIKE 2024 GLOBAL THREAT REPORT