Cybercriminals Breach Google, Salesforce, and More in Major Attack

Cybercriminals have breached several major tech and security companies, including Google and Salesforce, impacting numerous high-profile customers. The threat actors, believed to be part of the 'Scattered Lapsus$ Hunters' group, exploited social engineering tactics to gain unauthorized access to sensitive systems.

The breach began with social engineering tactics to infiltrate Salesforce and Salesloft, affecting major customers such as Allianz Life, Google, Zscaler, Cloudflare, Qantas, and Palo Alto Networks. Google has confirmed that no data was accessed during this initial breach.

The cybercrime group later claimed to have accessed Google's Law Enforcement Request System (LERS) and the FBI's eCheck background check system. Google discovered a fake account had been created in its LERS platform and swiftly shut it down. Unauthorized access to LERS could potentially expose user data, compromise investigations, enable fraudulent requests, and erode trust in the system.

On September 11, the group 'Scattered Lapsus$ Hunters' announced their presence on Twitter, signing off with a 'Goodbye' message. They also hinted at potential ongoing activity in other breaches, stating they were 'going in the dark'. Breaches of the FBI's eCheck system could lead to theft of personal and criminal records, identity fraud, manipulation of background checks, and even national security threats.

The 'Scattered Lapsus$ Hunters' group has demonstrated significant capabilities in breaching high-profile targets. While Google has contained the breach and no data was accessed, the potential implications are severe. Companies and law enforcement agencies must remain vigilant and strengthen their cybersecurity measures to prevent future attacks.