Scope of Salesforce Attacks Expands as Icarus Leaks Data
Summary
The scope of attacks targeting Salesforce has expanded following a breach of application vendor Klue. Attackers exploited OAuth tokens obtained from Klue to access and steal customer data from Salesforce instances. The "Icarus" threat group has begun leaking some of the stolen data.
IFF Assessment
FOE
This article details a data breach and subsequent data exfiltration, which is a negative development for defenders.
Defender Context
This incident highlights the risks associated with third-party integrations and the potential for supply chain attacks: OAuth tokens obtained from a connected application vendor were enough to reach customer data in Salesforce instances. Defenders should be vigilant about the security of their connected applications and regularly review the access permissions granted to them. The expansion of the attack and the data leak indicate a sophisticated and persistent threat actor.