Seqrite Uncovers UNC6040 Campaign Behind Google Salesforce Breach

Seqrite’s investigation reveals this incident as part of a broader campaign affecting major global brands including Adidas, Qantas, Allianz Life, LVMH brands, Chanel, AT&T, Santander, Starbucks Singapore, Cisco, Pandora, and dozens of others. The parallel UNC6395 attack on Salesloft Drift represents one of 2025’s most significant cyber incidents, compromising hundreds of Salesforce customers through OAuth token theft that enabled unauthorized SOQL queries across cases, accounts, users and opportunities databases.