
Russian Phishing Scam Bypasses Google 2FA

June 19, 2025

Threat actors with suspected ties to Russia are exploiting a Google account feature called application-specific passwords (ASPs). This novel social engineering tactic is designed to gain persistent access to the email accounts of selected victims. Details of this highly targeted campaign were disclosed by Google’s Threat Intelligence Group (GTIG) and by the Citizen Lab. The actor impersonates the U.S. Department of State to lend credibility to its phishing emails. From at least April through early June 2025, this actor targeted prominent academics and well-known critics of Russia.

The social engineering attack unfolds over several weeks, patiently building rapport with the targets.

This approach avoids creating a sense of pressure or urgency that might otherwise raise suspicion. It involves sending benign-looking phishing emails disguised as meeting invitations from what appears to be a legitimate source. These emails include no fewer than four different fictitious addresses with the “@state.gov” domain in the CC line. The Citizen Lab noted that a target might reason that if this isn’t legitimate, surely one of these State Department employees would say something.

These meticulously planned attacks trick victims into creating a 16-digit passcode that gives the adversary permission to access their mailbox. Victims are asked to do this under the pretext of enabling “secure communications between internal employees and also external partners.” Google describes app passwords as a way for a less secure application or device to access a user’s Google account when that account has two-factor authentication (2FA) enabled.

The initial messages are designed to elicit a response from the target to set up a meeting, after which they are sent steps.

The attackers then set up a mail client to use the application-specific password, likely with the end goal of accessing and reading. This method also gives the attackers persistent access to the compromised accounts for an extended period of time. Google said it observed a second campaign bearing Ukrainian themes, and that the attackers logged into victim accounts mainly through residential proxies and VPS servers in order to evade detection by security monitoring systems. The company stated it has since taken proactive steps to secure all the accounts compromised by these phishing campaigns.
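For defenders, the pattern described above (a newly created app password followed by mail-client logins from unfamiliar networks) can be checked by correlation rather than by IP reputation, which residential proxies are chosen to defeat. The following is an added example, not code from the article, Google, or the Citizen Lab; the event schema, field names, and 14-day window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=14)  # assumed review window after an app password is created

# Constructed sample events in a hypothetical normalized schema (not Google's
# audit-log format). ASNs come from the range reserved for documentation.
EVENTS = [
    {"ts": "2025-05-01T08:00:00", "user": "alice@example.edu", "type": "login", "auth": "2fa", "asn": "AS64496"},
    {"ts": "2025-05-20T09:00:00", "user": "alice@example.edu", "type": "app_password_created"},
    {"ts": "2025-05-20T09:30:00", "user": "alice@example.edu", "type": "login", "auth": "app_password", "asn": "AS64511"},
    {"ts": "2025-05-03T10:00:00", "user": "bob@example.org", "type": "login", "auth": "2fa", "asn": "AS64500"},
    {"ts": "2025-05-10T11:00:00", "user": "bob@example.org", "type": "app_password_created"},
    {"ts": "2025-05-10T11:05:00", "user": "bob@example.org", "type": "login", "auth": "app_password", "asn": "AS64500"},
]

def find_suspicious_asp_use(events, window=WINDOW):
    """Return (user, asn, ts) for app-password logins that occur within
    `window` of the app password's creation and come from a network (ASN)
    the user has never used for an interactive 2FA login."""
    baseline = {}  # user -> set of ASNs seen on interactive logins
    created = {}   # user -> time the most recent app password was created
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "app_password_created":
            created[user] = ts
        elif ev["type"] == "login" and ev.get("auth") == "app_password":
            made = created.get(user)
            known = baseline.get(user, set())
            # Key on novelty of the network, not on whether it looks like hosting:
            # a residential proxy exit resembles an ordinary home connection.
            if made and ts - made <= window and ev["asn"] not in known:
                alerts.append((user, ev["asn"], ev["ts"]))
        elif ev["type"] == "login":
            baseline.setdefault(user, set()).add(ev["asn"])
    return alerts

if __name__ == "__main__":
    for user, asn, ts in find_suspicious_asp_use(EVENTS):
        print(f"review: {user} app-password login from new network {asn} at {ts}")
```

A proxy exit inside the victim's own ISP would not be flagged by this check, so it is a triage signal to pair with a review of which app passwords exist on high-risk accounts.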

  • What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia