Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Summary
Salesforce is alerting customers to a rise in threat actor activity targeting misconfigured Experience Cloud sites. Attackers are using a modified AuraInspector tool to exploit overly permissive guest user settings, gaining access to sensitive data.
IFF Assessment
FOE
This is bad news for defenders as it highlights a specific attack vector and tool being used to compromise sensitive data in Salesforce environments.
Defender Context
Defenders should ensure their Salesforce Experience Cloud guest user configurations are not overly permissive and regularly audit access controls. Monitoring for unusual activity related to AuraInspector or similar reconnaissance tools is also crucial.