The search giant noted that hackers are targeting English-speaking branches of multinational companies, tricking employees into sharing credentials that grant them access to company data stored on the Salesforce cloud.

Google’s security research team, known as the Threat Intelligence Group, has warned that hackers are stealing Salesforce Inc. (CRM) data of companies by impersonating information technology (IT) staff.

Salesforce shares were down 0.78% at the time of writing.

The research team revealed that it is tracking a “financially motivated threat cluster,” named UNC6040, that specializes in voice phishing (vishing) campaigns.

The team said these hackers are specifically targeting the Salesforce instances of companies for large-scale data theft and extortion.

These hackers are taking aim at English-speaking branches of multinational companies, and tricking employees into sharing credentials that give them access to company data stored on the Salesforce cloud.

“A prevalent tactic in UNC6040's operations involves deceiving victims into authorizing a malicious connected app to their organization's Salesforce portal. This application is often a modified version of Salesforce’s Data Loader, not authorized by Salesforce,” the team explained.

A Bloomberg report said the group has identified at least 20 organizations as the victims of the vishing scheme.

The research group also observed that these hackers sometimes don’t extort their targets for several months after the initial intrusion. They pointed out that this could mean they have monetized the stolen data.

This comes after several retailers reported being hacked over the past few months. Some of the more recent victims include Marks & Spencer Group Plc., Victoria’s Secret & Co., (VSCO), and Adidas AG, among others.

However, Google’s report has not specifically identified victims yet.

“Given the extended time frame between initial compromise and extortion, it is possible that multiple victim organizations and potentially downstream victims could face extortion demands in the coming weeks or months,” it added.

Salesforce stock has declined over 21% year-to-date, but it is up nearly 12% over the past 12 months.

For updates and corrections, email newsroom[at]stocktwits[dot]com.<