TZUTC: -0500
MSGID: 1208.consprcy@1:2320/105 2cc6867f
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Russian hackers target Gmail passwords to crack down on international critics

Date:
Mon, 23 Jun 2025 13:03:00 +0000

Description:
Academics and critics engaging with Russia discussions are being targeted in
email phishing campaign.

FULL STORY

Google Threat Intelligence Group (GTIG) has shared details of a new threat
actor tracked as UNC6293, believed to be a Russian state-sponsored group,
targeting prominent academics and critics of the country. 

Victims have reportedly been receiving phishing emails using spoofed
'@state.gov' addresses in the CC field to build credibility, but instead of
being hit with immediate malicious payloads, the attackers are using social
engineering tactics to build rapports with their targets. 

Google's researchers uncovered the slow-paced nature attackers used to build
rapports with their victims, often sending them personalized emails and
inviting them to private conversations or meetings.

Academics and critics are being targeted by Russia

In one screenshot shared by Google's threat intelligence team, Keir Giles, a
prominent British researcher on Russia, received a fake US Department of 
State email believed to be part of the UNC6293 campaign. 

"Several of my email accounts have been targeted with a sophisticated account
takeover that involved impersonating the US State Department," Giles shared 
on LinkedIn . 

In the attack email, victims receive a benign PDF attachment designed to look
like an invitation to securely access a (fake) Department of State cloud
environment. It's this website that ultimately gives the attackers, which
Google believes could be linked to APT29 (aka Cozy Bear, Nobelium), access to
a user's Gmail account. 

Victims are guided to create an app-specific password (ASP) at
account.google.com, and then share that 16-character ASP with the attackers. 

"ASPs are randomly generated 16-character passcodes that allow third-party
applications to access your Google Account, intended for applications and
devices that do not support features like 2-step verification (2SV)," Google
explained. 

Google highlights users can create or revoke ASPs at any time, and a pop-up 
on its site even advises users that ASPs "aren't recommended and are
unnecessary in most cases." 

More importantly, though, is that while attacks come in all different 
flavors, social engineering and phishing remain highly effective vectors  and
yet they're typically comparably easy to detect, with a bit of prior
understanding and training. 

The standard advice, then, remains  avoid clicking on attachments from email
addresses you're unfamiliar with, and certainly never share account
credentials with unknown individuals.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/russian-hackers-target-gmail-passwords-
to-crack-down-on-international-critics

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426