1. Forum
  2. FidoNET
  3. CONSPRCY

  • Russian hackers target Gm

    From Mike Powell@1:2320/105 to All on Sunday, June 29, 2025 09:11:00
    Russian hackers target Gmail passwords to crack down on international critics

    Date:
    Mon, 23 Jun 2025 13:03:00 +0000

    Description:
    Academics and critics engaging with Russia discussions are being targeted in email phishing campaign.

    FULL STORY

    Google Threat Intelligence Group (GTIG) has shared details of a new threat actor tracked as UNC6293, believed to be a Russian state-sponsored group, targeting prominent academics and critics of the country.

    Victims have reportedly been receiving phishing emails using spoofed '@state.gov' addresses in the CC field to build credibility, but instead of being hit with immediate malicious payloads, the attackers are using social engineering tactics to build rapports with their targets.

    Google's researchers uncovered the slow-paced nature attackers used to build rapports with their victims, often sending them personalized emails and inviting them to private conversations or meetings.

    Academics and critics are being targeted by Russia

    In one screenshot shared by Google's threat intelligence team, Keir Giles, a prominent British researcher on Russia, received a fake US Department of
    State email believed to be part of the UNC6293 campaign.

    "Several of my email accounts have been targeted with a sophisticated account takeover that involved impersonating the US State Department," Giles shared
    on LinkedIn .

    In the attack email, victims receive a benign PDF attachment designed to look like an invitation to securely access a (fake) Department of State cloud environment. It's this website that ultimately gives the attackers, which Google believes could be linked to APT29 (aka Cozy Bear, Nobelium), access to
    a user's Gmail account.

    Victims are guided to create an app-specific password (ASP) at account.google.com, and then share that 16-character ASP with the attackers.

    "ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV)," Google explained.

    Google highlights users can create or revoke ASPs at any time, and a pop-up
    on its site even advises users that ASPs "aren't recommended and are unnecessary in most cases."

    More importantly, though, is that while attacks come in all different
    flavors, social engineering and phishing remain highly effective vectors and yet they're typically comparably easy to detect, with a bit of prior understanding and training.

    The standard advice, then, remains avoid clicking on attachments from email addresses you're unfamiliar with, and certainly never share account
    credentials with unknown individuals.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-hackers-target-gmail-passwords- to-crack-down-on-international-critics

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)