Security News > 2023 > August > Hackers exploited Salesforce zero-day in Facebook phishing attack
Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts.
The attackers chained a flaw dubbed "PhishForce," to bypass Salesforce's sender verification safeguards and quirks in Facebook's web games platform to mass-send phishing emails.
The benefit of using a reputable email gateway like Salesforce to distribute phishing emails is the evasion of secure email gateways and filtering rules, ensuring that the malicious emails reach the target's inbox.
The Salesforce CRM allows customers to send emails as their own brand using custom domains that the platform must first verify.
Clicking on the embedded button takes the victim to a phishing page hosted and displayed as part of the Facebook gaming platform, which adds further legitimacy to the attack and makes it even harder for the email recipients to realize the fraud.
After confirming the issues by replicating the creation of a Salesforce-branded address capable of disseminating phishing emails, Guardio Labs notified the vendor of their discovery on June 28, 2023.
News URL
Related news
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (source)
- New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (source)
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)