Google Issues A Warning To Gmail Users

Google is warning users of its popular email service Gmail that there has been a security breach that makes it possible for hackers to read their emails, and that some users may have been exposed for an entire year. The threat was detected by Google’s Threat Analysis Group (TAG), which disclosed that it is targeting a small group of users based in Iran.

In the same way as many other malware threats, it begins with victims being sent a message which tricks them into clicking on and downloading an attached document. If a Gmail user downloads the malicious file, it covertly installs an extension onto their browser.

According to the Google TAG Report, the threat is from an espionage group which it says is backed by the Iranian government. “As part of TAG's mission to counter serious threats to Google and our users, we've analysed a range of persistent threats including APT35 and Charming Kitten, an Iranian government-backed group that regularly targets high risk users... For years, we have been countering this group’s efforts to hijack accounts, deploy malware, and their use of novel techniques to conduct espionage aligned with the interests of the Iranian government. Now, we’re shining light on a new tool of theirs.” 

The threat group known as Charming Kitten runs the tool called Hyperscrape, designed to steal user data from email services including Gmail, Yahoo and Outlook. According to TAG, the attacker runs Hyperscrape on their own machine to download victims’ inboxes using previously acquired credentials.

For Hyperscrape to run, the attackers need to have already acquired the victim's user credentials. Once logged in, the tool changes the account’s language settings to English and iterates through the contents of the mailbox, individually downloading messages as .eml files and marking them unread. After the programme has finished downloading the inbox, it reverts the language back to its original setting and deletes any security emails from Google.
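The sequence described above is distinctive enough to hunt for in account activity. The following is an added example, not code from Google's report or from this article: a Python heuristic that scores each session against the four behaviours listed, run over constructed events in a hypothetical normalised audit schema (the field names and the `security_alert` category are assumptions, not a real Gmail log format).

```python
from collections import defaultdict

# Constructed events in a hypothetical normalised audit schema; this is not
# a real Gmail or Workspace log format.
SAMPLE_EVENTS = [
    {"ts": 1, "session": "s1", "action": "language_change", "old": "fa", "new": "en"},
    {"ts": 2, "session": "s1", "action": "message_download", "msg": "m1"},
    {"ts": 3, "session": "s1", "action": "mark_unread", "msg": "m1"},
    {"ts": 4, "session": "s1", "action": "message_download", "msg": "m2"},
    {"ts": 5, "session": "s1", "action": "mark_unread", "msg": "m2"},
    {"ts": 6, "session": "s1", "action": "language_change", "old": "en", "new": "fa"},
    {"ts": 7, "session": "s1", "action": "message_delete", "category": "security_alert"},
    # Benign session: one language change (not to English) and one download.
    {"ts": 8, "session": "s2", "action": "language_change", "old": "fa", "new": "fr"},
    {"ts": 9, "session": "s2", "action": "message_download", "msg": "m9"},
]

def session_indicators(events):
    """Map each session to the set of behaviours from the article it shows."""
    by_session = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_session[ev["session"]].append(ev)

    result = {}
    for sid, evs in by_session.items():
        found, original, downloaded = set(), None, set()
        for ev in evs:
            act = ev["action"]
            if act == "language_change":
                if original is None and ev["new"] == "en" and ev["old"] != "en":
                    original = ev["old"]  # remember what to expect on revert
                    found.add("language_set_to_english")
                elif original is not None and ev["new"] == original:
                    found.add("language_reverted")
            elif act == "message_download":
                downloaded.add(ev["msg"])
            elif act == "mark_unread" and ev["msg"] in downloaded:
                found.add("downloaded_then_marked_unread")
            elif act == "message_delete" and ev.get("category") == "security_alert":
                found.add("security_alert_deleted")
        result[sid] = found
    return result

def suspicious_sessions(events, threshold=3):
    """Sessions showing at least `threshold` of the four behaviours."""
    hits = session_indicators(events)
    return sorted(s for s, found in hits.items() if len(found) >= threshold)
```

Scoring against a threshold rather than requiring all four behaviours keeps the rule useful when one of the events is missing from the available logs.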

Google has since notified the affected users while taking action to re-secure those accounts. Although only a handful of carefully-selected Iran-based users of Gmail were targeted by Hyperscrape, for those people affected, having their emails intercepted places them in personal danger.

TAG is committed to sharing research to raise awareness on bad actors like Charming Kitten within the security community, and for companies and individuals that may be targeted. “It’s why we do things like work with our Cyber Crime Investigation Group to share critical information relevant to law enforcement. We hope doing so will improve understanding of tactics and techniques that will enhance threat hunting capabilities and lead to stronger protections across the industry,” says their Report.

Google: Google: Forbes: Express: OhMyMag
