TZUTC: -0500   
   MSGID: 1208.consprcy@1:2320/105 2cc6867f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Russian hackers target Gmail passwords to crack down on international critics   
      
   Date:   
   Mon, 23 Jun 2025 13:03:00 +0000   
      
   Description:   
   Academics and critics engaging with Russia discussions are being targeted in   
   email phishing campaign.   
      
   FULL STORY   
      
   Google Threat Intelligence Group (GTIG) has shared details of a new threat   
   actor tracked as UNC6293, believed to be a Russian state-sponsored group,   
   targeting prominent academics and critics of the country.    
      
   Victims have reportedly been receiving phishing emails using spoofed   
   '@state.gov' addresses in the CC field to build credibility, but instead of   
   being hit with immediate malicious payloads, the attackers are using social   
   engineering tactics to build rapports with their targets.    
      
   Google's researchers uncovered the slow-paced nature attackers used to build   
   rapports with their victims, often sending them personalized emails and   
   inviting them to private conversations or meetings.   
      
   Academics and critics are being targeted by Russia   
      
   In one screenshot shared by Google's threat intelligence team, Keir Giles, a   
   prominent British researcher on Russia, received a fake US Department of    
   State email believed to be part of the UNC6293 campaign.    
      
   "Several of my email accounts have been targeted with a sophisticated account   
   takeover that involved impersonating the US State Department," Giles shared    
   on LinkedIn .    
      
   In the attack email, victims receive a benign PDF attachment designed to look   
   like an invitation to securely access a (fake) Department of State cloud   
   environment. It's this website that ultimately gives the attackers, which   
   Google believes could be linked to APT29 (aka Cozy Bear, Nobelium), access to   
   a user's Gmail account.    
      
   Victims are guided to create an app-specific password (ASP) at   
   account.google.com, and then share that 16-character ASP with the attackers.    
      
   "ASPs are randomly generated 16-character passcodes that allow third-party   
   applications to access your Google Account, intended for applications and   
   devices that do not support features like 2-step verification (2SV)," Google   
   explained.    
      
   Google highlights users can create or revoke ASPs at any time, and a pop-up    
   on its site even advises users that ASPs "aren't recommended and are   
   unnecessary in most cases."    
      
   More importantly, though, is that while attacks come in all different    
   flavors, social engineering and phishing remain highly effective vectors  and   
   yet they're typically comparably easy to detect, with a bit of prior   
   understanding and training.    
      
   The standard advice, then, remains  avoid clicking on attachments from email   
   addresses you're unfamiliar with, and certainly never share account   
   credentials with unknown individuals.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/russian-hackers-target-gmail-passwords-   
   to-crack-down-on-international-critics   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426