A Russian-linked hacking group exploited Googleβs application-specific password feature to bypass two-factor authentication and access Gmail accounts. The operation involved highly sophisticated, AI-polished phishing emails targeting high-profile individuals like the US State Department and UK officials. #UNC6293 #APT29 #GoogleThreat #Phishing #StateDepartment
Keypoints
- The hacking group used a new low-and-slow phishing technique to bypass MFA protections.
- The attack involved impersonating US State Department officials with tailored email campaigns.
- Victims were instructed to generate and send back app-specific passwords to gain access.
- Google linked these attacks to APT29, a Russian government-backed cyber espionage group.
- Authorities advise targets to use Googleβs Advanced Protection and review account security settings.
Read More: https://www.securityweek.com/russian-hackers-bypass-gmail-mfa-with-app-specific-password-ruse/