- Academics and international critics of Russia have received phishing emails
- Slow rapport-building by fake US State Department staff
- Victims are tricked into sharing Google app-specific passwords
Google Threat Intelligence Group (GTIG) has shared details of a new threat actor, tracked as UNC6293 and assessed to be a Russian state-sponsored group, that targets academics and prominent critics of the country.
The victims reportedly received phishing emails with spoofed "@state.gov" addresses in the CC field to lend credibility, but instead of delivering an immediate malicious payload, the attackers use social engineering to build a relationship with their targets.
Google researchers noted the slow pace at which the attackers built rapport with their victims, often sending them personalized emails and inviting them to private conversations or meetings.
Academics and critics targeted by Russia
In a screenshot shared by Google Threat Intelligence Group, Keir Giles, a prominent British researcher on Russia, received a fake email from the US State Department that is believed to be part of the UNC6293 campaign.
"Several of my email accounts have been targeted with a sophisticated account-takeover attempt that involved impersonation of the US State Department," Giles said on LinkedIn.
In the attack email, victims receive a benign PDF attachment designed to look like an invitation to securely access a (fake) State Department cloud environment. It is this website that ultimately gives the attackers, who Google says could be linked to APT29 (aka Cozy Bear, Nobelium), access to a user's Gmail account.
Victims are walked through creating an app-specific password (ASP) at account.google.com and then sharing the 16-character ASP with the attackers.
"ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google account, intended for applications and devices that do not support features such as 2-Step Verification (2SV)," Google said.
Google stresses that users can create or revoke ASPs at any time, and a pop-up on its site even warns users that ASPs "are not recommended and are not necessary in most cases".
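Two detection heuristics for the pattern described above (spoofed "@state.gov" addresses in the CC field, and a victim being coaxed into sharing a 16-character app-specific password) are shown below as an added example; it is not code from the article or from Google. It assumes the display shape of a Google app password (four groups of four lowercase letters) and uses constructed sample messages; the addresses, function names and keyword list are this example's own choices, not indicators from the campaign.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed display shape of a Google app password: four groups of four lowercase
# letters separated by spaces, which is how a user would copy and paste it.
ASP_RE = re.compile(r"\b[a-z]{4}(?: [a-z]{4}){3}\b")
# Phrases that tend to accompany a request to hand over such a code (constructed list).
ASP_KEYWORDS = ("app password", "application-specific password",
                "application password", "16-character")
VOWELS = set("aeiou")


def looks_random(group: str) -> bool:
    """A 4-letter group with no vowel is rare in prose but common in random codes."""
    return not (set(group) & VOWELS)


def find_app_password_candidates(body: str) -> list[str]:
    """Return substrings of `body` that look like a shared Google app password.

    Heuristic (defensive DLP-style check on outbound mail): the spaced 16-letter
    shape, plus either an explicit mention of app passwords in the text or at
    least one vowel-less group, which filters out runs of ordinary 4-letter words.
    """
    text = body.lower()
    mentions_asp = any(k in text for k in ASP_KEYWORDS)
    hits = []
    for m in ASP_RE.finditer(text):
        groups = m.group(0).split(" ")
        if mentions_asp or any(looks_random(g) for g in groups):
            hits.append(m.group(0))
    return hits


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an email address ('' if there is none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def impersonation_signals(raw_message: str, trusted_domains=("state.gov",)) -> dict:
    """Flag a message whose Cc carries trusted-domain addresses while the actual
    sender domain is elsewhere: the 'borrowed credibility' pattern in the article.
    """
    msg = message_from_string(raw_message)
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", []))]
    cc_addrs = [a for _, a in getaddresses(msg.get_all("Cc", []))]
    reply_to = [a for _, a in getaddresses(msg.get_all("Reply-To", []))]
    from_domains = {domain_of(a) for a in from_addrs}
    trusted_cc = [a for a in cc_addrs if domain_of(a) in trusted_domains]
    sender_trusted = bool(from_domains & set(trusted_domains))
    return {
        "from_domains": sorted(from_domains),
        "trusted_cc": trusted_cc,
        # Trusted names in Cc but the sender is not from a trusted domain.
        "cc_borrows_trust": bool(trusted_cc) and not sender_trusted,
        # Replies routed to a domain other than the sender's are another signal.
        "reply_to_differs": bool(reply_to)
        and {domain_of(a) for a in reply_to} != from_domains,
    }


# Constructed sample message (no real campaign artefacts; .invalid is a reserved TLD).
SAMPLE_EMAIL = """\
From: "Office of Public Liaison" <liaison@example-mail.invalid>
To: researcher@example.org
Cc: official@state.gov, deputy@state.gov
Reply-To: liaison@example-mail.invalid
Subject: Private consultation invitation

Please see the attached invitation and reply with a convenient time.
"""

if __name__ == "__main__":
    print(impersonation_signals(SAMPLE_EMAIL))
    print(find_app_password_candidates(
        "Here is the app password you asked for: qwlm xbtz kdpv hrwn"))
```

Both checks are heuristics meant to raise a ticket for a human reviewer, not to block mail on their own; the CC check in particular only says that the sender is borrowing a trusted name, which is exactly the low-cost signal a slow, payload-free social-engineering campaign leaves behind.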
More importantly, though, even as attacks come in every flavor, social engineering and phishing remain highly effective vectors – and yet they are generally comparatively easy to detect with a little awareness and prior training.
The standard advice therefore still stands – avoid clicking on attachments from email addresses you do not know, and never share account credentials with unknown individuals.