Cleo the Cat

Catograph[.]Net


Welcome to Catograph[.]Net

Author: catograph.net
Released: September 24th, 2025

Do you like cats, maps, or cybersecurity? If you answered yes to any of those choices, you're in the right spot. Catograph.net aims to be a super casual blog regarding all the above. Articles and maps created here will be accessible to audiences of any skill level. If you're more experienced, you may skip sections which break down concepts, and feel free to give feedback to earn a spot on the credits page if you think something looks not quite right.

Purpose



1 | Cats

Catograph.net's mascot is Cleo, nestled into the box of the logo. Cleo's birthday is October 3rd, and she is turning 4 next month! Please do not let her adorable looks deceive you. Cleo is an agent of chaos. Her favorite hobbies consist of sitting on keyboards, crashing programs, and interrupting team games at the worst possible moment, often preceded by: “hi, cleo…”. Over time more cats will be added to the website. If you would like your cat potentially added to the Cats page, contact the author over Discord.

2 | Analyze Recent Events in Cyber

This blog will assess current cybersecurity events and break them down, comparing them against previous events to seek out patterns. Although the focus is cyber, this will spill into related topics like machine learning and artificial intelligence, cybersecurity and privacy standards and regulations, and new tech advancements.

3 | Explore Open Source Tools and Share Security Tips

There are many open source tools out there with awesome capabilities. This blog will explore some of them and is always open to suggestions. Tips will be sprinkled in here and there too on small things anyone can do to make their overall internet experience a little more safe and secure.



Salesloft Drift Incident Caused Mass Data Exfiltration, Sets Ground for Future Attacks

Author: catograph.net
Released: September 24th, 2025

Massive theft of business contact records and support ticket data from over 700 companies' Salesforce instances will set the ground for future, highly targeted cyberattacks.

New to cyber? This short story gives an idea of what went down.

For the uninitiated: Imagine being a guest at a hotel with great friends. Everyone decides to go outside to enjoy a wonderful time at the pool. Meanwhile, the hotel is responsible for ensuring the security of guest rooms. The manager stores all room keys in a locked drawer and only permits certain employees to access them after guests show proper ID. Unfortunately, there's only one employee manning the front, and they decide to go on an extended lunch break. They leave their key on a hook behind the counter, visible to anyone walking by.

A man with ill intent walks in and approaches the desk, wondering: why is nobody here? No matter. He hops over the counter and swipes the key from its hook. He then unlocks the drawer and starts shoveling all the room keys into a duffel bag. Heading out back, he meets with several associates and hands out the room keys, instructing them to try as many of the keys as possible to steal luggage from the unguarded hotel rooms. Later, in a secure location, the group opens the loot and finds contact information on all their victims. One by one the victims are contacted, and a ransom is demanded: pay us, or you will never see your prized possessions ever again, and your data will be sold online.

A similar situation (replace the hotel with Salesloft Drift and the guests with its customers) is what led to the theft of 1.5 billion Salesforce records (Abrams, 2025). A question may come to mind: how did nobody notice the thief take all the keys and then use them to access and steal all those records? It's not necessarily the hotel guests' fault. They were enjoying the pool and had faith that the hotel would take care of them. This is an example of what happens when security controls fail and set off a domino effect: not only does the hotel suffer, but the guests do as well.


Introduction

Several cyber threat actors targeted the Salesforce instances of over 700 companies in an organized campaign and stole over 1.5 billion records, including business contact information and support ticket data (Abrams, 2025). A nasty mix of social engineering (Google Threat Intelligence Group, 2025) and the abuse of software integrations (Larsen et al., 2025) contributed to these attacks. The theft of authentication tokens from Salesloft Drift, an AI chat agent which integrates into Salesforce, made accessing and exfiltrating information trivial. The FBI have detailed the chain of attacks in their FLASH bulletin (FBI Cyber Division, 2025).
