Russian Threat Actors Circumvent Gmail Security with App Password Theft

 

As part of Google’s Threat Intelligence Group (GTIG), security researchers discovered a highly sophisticated cyber-espionage campaign orchestrated by Russian threat actors. They succeeded in circumventing Google’s multi-factor authentication (MFA) protections for Gmail accounts by successfully circumventing it. 
A group of researchers found that the attackers used highly targeted and convincing social engineering tactics by impersonating Department of State officials in order to establish trust with their victims in the process.
As soon as a rapport had been built, the perpetrators manipulated their victims into creating app-specific passwords. 
These passwords are unique 16-character codes created by Google which enable secure access to certain applications and devices when two-factor authentication is enabled. As a result of using these app passwords, which bypass conventional two-factor authentication, the attackers were able to gain persistent access to sensitive emails through Gmail accounts undetected. 
It is clear from this operation that state-sponsored cyber actors are becoming increasingly inventive, and there is also a persistent risk posed by seemingly secure mechanisms for recovering and accessing accounts. According to Google, this activity was carried out by a threat cluster designated UNC6293, which is closely related to the Russian hacki

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: