Intel Name: Cybercriminal groups UNC6040 and UNC6395 compromising Salesforce instances for data theft and extortion
Date of Scan: September 15, 2025
Impact: High
Summary: This FLASH is being issued to share Indicators of Compromise (IOCs) linked to recent malicious cyber activities carried out by cybercriminal groups UNC6040 and UNC6395. These groups are responsible for a growing number of data theft and extortion incidents and have recently been observed targeting organizations’ Salesforce platforms through various initial access methods.