Varonis’ analysis of UNC604’s vishing attacks on Salesforce shows how social engineering and API flaws are used to bypass MFA and steal CRM data. Threat actors abuse service accounts and phishing kits to impersonate users, exposing gaps in identity governance and monitoring. Varonis recommends anomaly detection, permission management, and real-time log analysis to stop these threats without disrupting sales.

Key Protection Strategies

• Neutralize Social Engineering: Detect unusual login patterns
• Secure API Access: Monitor high-risk integrations (OAuth abuse up 300% in 2024)
• Right-Size Permissions: Revoke stale service account privileges
• Threat Hunting: Correlate user behaviour with UNC604 TTPs

‍