Archetyp Links

Qantas has been targeted by an infamous hacker group. NewsWire / Luis Enrique Ascui Qantas has been targeted by an infamous hacker group. NewsWire / Luis Enrique Ascui Credit: News Corp Australia Qantas is among 39 companies under pressure from an infamous hacker group to negotiate a ransom over supposedly stolen customer data. Cybercriminal group Scattered Lapsus$ Hunters claimed in a post to a dark web site to have stolen a large cache of data after targeting tech giant Salesforce. The group claimed to have stolen personal and contact information between April 2024 and September 2025 by targeting companies that use Salesforce. The national airline is understood to be aware it is listed by the hacking group, and an ongoing injunction has been obtained through the NSW Supreme Court to prevent the stolen data being accessed or published. The incident is also being investigated by authorities, including the Australian Cyber Security Centre. “Ensuring continued vigilance and providing ongoing support for our customers remain our top priorities,” a Qantas spokesperson said. “We continue to offer a 24/7 support line and specialist identity protection advice to affected customers. “We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.” Camera Icon Qantas is being targeted by infamous hacker group. NewsWire / Luis Enrique Ascui Credit: News Corp Australia The group gave the companies, which also include Toyota, Disney, Ikea, and HBO Max, until Friday to begin negotiating a ransom. In the message, seen by Help Net Security, the group claims if Salesforce complies with its demands it will not pursue the other affected companies. “If Salesforce does not engage with us to resolve this, we will completely target each and every individual customer of theirs listed,” the group reportedly said. “Failure to comply will result in massive consequences … Don’t be the next headline, make the correct decision and reach out.” In a statement, Salesforce said it was aware of “recent extortion attempts by threat actors” that were under investigation by external experts and authorities. “Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support,” the statement read. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.” Salesforce said in the October 3 statement that customer data remained the top priority, and security teams had been engaged to provide support. “As we continue to monitor the situation, we encourage customers to remain vigilant against phishing and social engineering attempts, which remain common tactics,” the company said. Google Threat Intelligence Group said it was tracking UNC6040, a financially motivated threat cluster that specialises in voice phishing (vishing) campaigns specifically designed to compromise organisations’ Salesforce for “large-scale data theft and subsequent extortion”. Camera Icon Qantas was the victim of a ‘cyber incident’ in July that exposed the data of millions of customers. NewsWire / Luis Enrique Ascui Credit: News Corp Australia “Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements. “This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of organisation’s Salesforce data. “In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce.” Qantas was the victim of a “cyber incident” in July that exposed the data of millions of customers through a third-party call centre. Personal information potentially exposed in the incident included names, email addresses, dates of birth, phone numbers, and Frequent Flyer numbers.