After the Dust Settles: Lessons Learned from Recent Threats to Salesforce

TLDR: On September 12th, 2025 the FBI released a FLASH regarding cybersecurity threats to Salesforce by threat actors UNC6040 and UNC6395. While the news cycle has moved on from this warning, understanding these threats can empower us to fortify our defenses and respond vigilantly to new cybersecurity threats.

On September 12, 2025, the FBI released a FLASH regarding cybersecurity threats to Salesforce by threat actors UNC6040 and UNC6395. Since that announcement, many members of the groups responsible for the threat warning have announced that they are stepping down from their criminal enterprise. In the aftermath of these threats to Salesforce, there are valuable takeaways for your company’s IT Security.

Threat Profile: Vishing and its Threats to Your Business

In the FBI Flash, Voice Phishing was identified as one of the major threats used by UNC6040 and UNC6395. Voice Phishing, also known as Vishing, consists of a phishing scheme that is conducted through a telephone or voicemail. These attacks use social engineering elements to convince their victims to deliver valuable information or download malicious applications.

Voice Phishing scams have become increasingly common. According to CrowdStrike, Vishing schemes rose by 442% in 2024. Cybercriminals leverage the implicit authority that a phone call provides and can even spoof verified or trusted numbers. In some cases, they can even make it appear that your own number is calling you. In a study conducted by Keepnet in 2024, 70% of businesses shared information during a simulated Vishing scam.

Vishing can have a devastating impact on your business. The cost of a call could be privileged information, money, or data leaks. Preventing voice phishing attacks should be an essential part of your managed IT Security plan.

Preventing Voice Phishing Attempts:

Education

Due to the social engineering elements of voice phishing, education remains an important component of your organization’s cybersecurity solutions. Consider creating a protocol with your team members for what information can be shared over the phone. Remind your team that a recognizable number is not necessarily a safe number. Your team is your first line of defense against voice phishing attempts.

Fortifying your MFA

Multifactor Authentication, also known as MFA, is an important step in securing your business. When paired with training and education, a multifactor authentication system can help prevent bad actors from accessing your organization. Traditional methods of MFA include a push-notification system or SMS and Voice authentication. These systems provide a valuable layer of security, but are vulnerable to certain types of phishing attacks.

Consider moving to a multifactor authentication method with phishing resistance. An easy way to do this is to implement a number matching system into your app based authentication. When a number matching system is implemented, a user must enter a number given by the system into the authentication app. This helps prevent against push bombing attacks.

The most phishing-resistant type of MFA is called a FIDO authentication. This method is also known as WebAuthn, and involves physical keys (either through USB or NFC) that connect users to a system. This method can face more significant implementation hurdles, but it provides the greatest amount of security against voice phishing.

Isogent: Your Managed IT Security Partner

Protecting your business against voice phishing doesn’t have to be daunting. Isogent is ready to provide user-focused IT security that focuses on creating an educated and vigilant environment. Consult Isogent to upgrade your multifactor authentication and create phishing resistant protocols that work for you and your team. Together, cybersecurity is attainable.