Russian Hackers Set Sights on Gmail: Are Your Passwords Safe?

In a concerning development, international critics of Russia and various academics have fallen victim to a series of phishing attacks. The Google Threat Intelligence Group (GTIG) has identified these incidents, attributing them to a suspected Russian state-sponsored group known as UNC6293. The attackers are targeting high-profile individuals, employing some clever social engineering tactics.

Instead of unleashing immediate malicious payloads, these perpetrators have opted for a more subtle approach. They send phishing emails that appear to come from the ‘@state.gov’ domain, adding names to the CC field to lend a veneer of legitimacy. This long-game strategy builds rapport with the victims, making them easier to manipulate.

One notable victim is Keir Giles, a well-respected British researcher focused on Russia. He recently reported on LinkedIn that several of his email accounts were impersonated in an advanced account takeover scheme that mimicked the US Department of State. In the phishing emails, victims typically receive a seemingly harmless PDF attachment designed to look like an invitation to access a fictitious Department of State cloud service. Unfortunately, this fake site allows attackers to compromise users’ Gmail accounts.

In these attacks, victims are instructed to generate an app-specific password (ASP) at account.google.com, which they then unwittingly share with the attackers. Google describes ASPs as 16-character codes that allow third-party applications to access Google accounts—created for apps that don’t support features like two-step verification (2SV).

While Google emphasizes that users can generate or revoke these passwords at any time, it also warns that ASPs are “not recommended” in most cases. It’s crucial to stay vigilant, as social engineering and phishing tactics continue to evolve. The basic advice remains clear: don’t click on attachments from unfamiliar email addresses and never share your account credentials with anyone you don’t know.

As these phishing schemes become increasingly sophisticated, awareness and training are essential for everyone to help mitigate the risks.