A well-known British expert on Russia was targeted in a sophisticated social engineering attack that exploited app-specific passwords to bypass multi-factor authentication. The attack, likely carried out by a Russian state-sponsored group, highlights vulnerabilities in account security and the evolving tactics of threat actors. #UNC6923 #APT29
Key points
- The attack involved highly customized phishing techniques using official-looking emails and documents.
- Threat actors used app-specific passwords (ASPs) to access accounts despite multi-factor authentication protections.
- Google detected the suspicious activity, which was linked to a Russian state-sponsored group likely related to APT29.
- The attacker’s method included convincing the target to generate and share secure credentials, providing full access to email accounts.
- This incident exposes potential security gaps in the use of ASPs and phishing defenses, emphasizing the need for improved security awareness.
Read More: https://therecord.media/keir-giles-russia-expert-email-attack-gtig-citizen-lab-reports