Subj : Russian hackers target Gm
To   : All
From : Mike Powell
Date : Sun Jun 29 2025 09:11 am

Russian hackers target Gmail passwords to crack down on international critics

Date:
Mon, 23 Jun 2025 13:03:00 +0000

Description:
Academics and critics engaging with Russia discussions are being targeted in
email phishing campaign.

FULL STORY

Google Threat Intelligence Group (GTIG) has shared details of a new threat
actor tracked as UNC6293, believed to be a Russian state-sponsored group,
targeting prominent academics and critics of the country.

Victims have reportedly been receiving phishing emails using spoofed
'@state.gov' addresses in the CC field to build credibility, but instead of
being hit with immediate malicious payloads, the attackers are using social
engineering tactics to build rapports with their targets.

Google's researchers uncovered the slow-paced nature attackers used to build
rapports with their victims, often sending them personalized emails and
inviting them to private conversations or meetings.

Academics and critics are being targeted by Russia

In one screenshot shared by Google's threat intelligence team, Keir Giles, a
prominent British researcher on Russia, received a fake US Department of
State email believed to be part of the UNC6293 campaign.

"Several of my email accounts have been targeted with a sophisticated account
takeover that involved impersonating the US State Department," Giles shared
on LinkedIn .

In the attack email, victims receive a benign PDF attachment designed to look
like an invitation to securely access a (fake) Department of State cloud
environment. It's this website that ultimately gives the attackers, which
Google believes could be linked to APT29 (aka Cozy Bear, Nobelium), access to
a user's Gmail account.

Victims are guided to create an app-specific password (ASP) at
account.google.com, and then share that 16-character ASP with the attackers.

"ASPs are randomly generated 16-character passcodes that allow third-party
applications to access your Google Account, intended for applications and
devices that do not support features like 2-step verification (2SV)," Google
explained.

Google highlights users can create or revoke ASPs at any time, and a pop-up
on its site even advises users that ASPs "aren't recommended and are
unnecessary in most cases."

More importantly, though, is that while attacks come in all different
flavors, social engineering and phishing remain highly effective vectors  and
yet they're typically comparably easy to detect, with a bit of prior
understanding and training.

The standard advice, then, remains  avoid clicking on attachments from email
addresses you're unfamiliar with, and certainly never share account
credentials with unknown individuals.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/russian-hackers-target-gmail-passwords-
to-crack-down-on-international-critics

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.