- International critics of Russia and academics have received phishing emails
- The attackers slowly build a relationship using fake United States Department of State personas
- Victims are tricked into sharing Google app-specific passwords
Google Threat Intelligence Group (GTIG) has shared details of a new threat actor tracked as UNC6293, believed to be a Russian state-sponsored group, targeting academics and prominent critics of the country.
According to the reports, the victims have been receiving phishing emails with spoofed 'state.gov' addresses in the CC field to lend credibility, but instead of being hit with an immediate malicious payload, the targets are worked with social engineering tactics that build rapport over time.
Google researchers found that the attackers took a slow approach to building a relationship with their victims, often sending personalized emails and inviting them to private conversations or meetings.
Academics and critics are being attacked by Russia
In a screenshot shared by the Google threat intelligence team, Keir Giles, a prominent British researcher on Russia, received a fake email from the United States Department of State that is believed to be part of the UNC6293 campaign.
“Several of my email accounts have been targeted with a sophisticated account takeover that involved impersonating the United States Department of State,” Giles shared on LinkedIn.
In the attack email, victims receive a benign PDF attachment designed to look like an invitation to securely access a (fake) State Department cloud environment. It is this website that ultimately gives the attackers, which Google believes may be linked to APT29 (also known as Cozy Bear or Nobelium), access to a user's Gmail account.
The victims are guided to create an app-specific password (ASP) at accounts.google.com, and then to share that 16-character ASP with the attackers.
“ASPs are access codes of randomly generated characters that allow third-party applications to access your Google account, intended for applications and devices that do not support features such as 2-Step Verification (2SV),” Google explained.
Google points out that users can create or revoke an ASP at any time, and a pop-up window on that page even advises users that ASPs “are not recommended and are unnecessary in most cases.”
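The two signals described above, a trusted domain planted in the CC field and a request to create and hand over an app password, can be turned into a simple mail-filter heuristic. This is an added example written for this article, not code from Google or from the report; the sample messages are constructed, and the assumption that an ASP is 16 lowercase letters shown in four groups of four is the author's, not the article's.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed inbound lure modelled on the campaign above (not a real capture).
LURE_EMAIL = """From: "J. Smith" <j.smith@example-mail.invalid>
To: researcher@example.org
Cc: liaison@state.gov, desk@state.gov
Subject: Private meeting invitation

Please create an app password at accounts.google.com and send us
the 16-character code so we can add you to the secure environment.
"""

# Constructed outbound reply in which the victim pastes the code.
REPLY_EMAIL = """From: researcher@example.org
To: j.smith@example-mail.invalid
Subject: Re: Private meeting invitation

Here is the code you asked for: abcd efgh ijkl mnop
"""

TRUSTED_DOMAIN = "state.gov"
# Assumption: an ASP is 16 lowercase letters, often displayed as 4 groups of 4.
# Heuristic only: four consecutive 4-letter words would also match.
ASP_RE = re.compile(r"\b(?:[a-z]{4} ?){3}[a-z]{4}\b")
LURE_PHRASES = ("app password", "application password", "app-specific password")


def domains(header_value):
    """Return the set of mail domains found in an address header."""
    pairs = getaddresses([header_value or ""])
    return {addr.rsplit("@", 1)[-1].lower() for _, addr in pairs if "@" in addr}


def analyse(raw_message):
    """Return a list of finding names for one RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []
    sender, cc = domains(msg.get("From")), domains(msg.get("Cc"))
    # A trusted domain in Cc while the sender is elsewhere lends false credibility.
    if TRUSTED_DOMAIN in cc and TRUSTED_DOMAIN not in sender:
        findings.append("cc_lends_credibility")
    body = msg.get_payload().lower()
    if any(phrase in body for phrase in LURE_PHRASES):
        findings.append("asp_lure")          # someone is asking for an app password
    if ASP_RE.search(body):
        findings.append("asp_value_present")  # a code in ASP format is being shared
    return findings
```

Routing messages with `asp_value_present` to a DLP quarantine catches the hand-over step even when the lure itself slipped through.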
Most importantly, however, although the attacks come in different flavors, social engineering and phishing remain highly effective vectors, and yet they are generally comparatively easy to detect with a little understanding and prior training.
The standard advice, then, remains: avoid opening attachments from email addresses you are not familiar with and, certainly, never share credentials with people you do not know.