Google Issues A Warning To Gmail Users

Google is warning users of its popular email service Gmail that there has been a security breach that makes it possible for hackers to read their emails and that some users may have been exposed for an entire year. The threat was detected by Google’s Threat Analysis Group (TAG), which disclosed that the threat is targeting a small group of users based in Iran.

In the same way as many other malware threats work, it begins with victims being sent a message which they are tricked into clicking on and downloading an attached document. If a Gmail user downloads the malicious file, then it will covertly install an extension onto their browser.

According to the Google TAG Report, the threat is from an espionage group which it says is backed by the Iranian government. “As part of TAG's mission to counter serious threats to Google and our users, we've analysed a range of persistent threats including APT35 and Charming Kitten, an Iranian government-backed group that regularly targets high risk users... For years, we have been countering this group’s efforts to hijack accounts, deploy malware, and their use of novel techniques to conduct espionage aligned with the interests of the Iranian government. Now, we’re shining light on a new tool of theirs.” 

The threat group known as Charming Kitten runs the tool called Hyperscrape, designed to steal user data from email services including Gmail, Yahoo and Outlook. According to TAG, the attacker runs Hyperscrape on their own machine to download victims’ inboxes using previously acquired credentials.

In order for Hyperscrape to be executed, the attackers need to have already acquired the victim's user credentials. Once logged in, the tool changes the account’s language settings to English and iterates through the contents of the mailbox, individually downloading messages as .eml files and marking them unread. After the programme has finished downloading the inbox, it reverts the language back to its original settings and deletes any security emails from Google.
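The sequence described above gives defenders something to hunt for. The following added example (not from Google's report or the original article) scores mailbox sessions for those traits; the event schema, action names and thresholds are assumptions made up for illustration, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed events in a hypothetical audit schema (not a real Gmail log format).
EVENTS = [
    {"session": "s1", "action": "language_change", "old": "fa", "new": "en"},
    {"session": "s1", "action": "download_eml", "msg": "m1"},
    {"session": "s1", "action": "mark_unread", "msg": "m1"},
    {"session": "s1", "action": "download_eml", "msg": "m2"},
    {"session": "s1", "action": "mark_unread", "msg": "m2"},
    {"session": "s1", "action": "download_eml", "msg": "m3"},
    {"session": "s1", "action": "mark_unread", "msg": "m3"},
    {"session": "s1", "action": "language_change", "old": "en", "new": "fa"},
    {"session": "s1", "action": "delete", "msg": "m9", "category": "security_alert"},
    # Benign session: the owner switches language, reads one mail, deletes a promo.
    {"session": "s2", "action": "language_change", "old": "fa", "new": "en"},
    {"session": "s2", "action": "download_eml", "msg": "m4"},
    {"session": "s2", "action": "delete", "msg": "m5", "category": "promotion"},
]

def session_traits(events, min_messages=3):
    """Collect Hyperscrape-like traits from one session's events, in order."""
    traits, original_lang = set(), None
    downloaded, reset_unread = set(), set()
    for ev in events:
        action = ev["action"]
        if action == "language_change":
            if original_lang is None and ev["new"] == "en" and ev["old"] != "en":
                original_lang = ev["old"]          # remember what a revert looks like
                traits.add("switched_to_english")
            elif ev["new"] == original_lang:
                traits.add("language_reverted")
        elif action == "download_eml":
            downloaded.add(ev["msg"])
        elif action == "mark_unread" and ev["msg"] in downloaded:
            reset_unread.add(ev["msg"])            # read state restored after download
        elif action == "delete" and ev.get("category") == "security_alert":
            traits.add("security_mail_deleted")
    if len(reset_unread) >= min_messages:
        traits.add("bulk_download_marked_unread")
    return traits

def flag_sessions(events, threshold=3):
    """Group events by session; return sessions showing >= threshold traits."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)
    scored = {s: sorted(session_traits(evs)) for s, evs in by_session.items()}
    return {s: t for s, t in scored.items() if len(t) >= threshold}
```

Any single trait is common in normal use, which is why the benign session is not flagged; it is the combination within one session that matches the behaviour TAG describes.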

Google has since notified the affected users while taking action to re-secure those accounts. Although only a handful of carefully-selected Iran-based users of Gmail were targeted by Hyperscrape, for those people affected, having their emails intercepted places them in personal danger.

TAG is committed to sharing research to raise awareness on bad actors like Charming Kitten within the security community, and for companies and individuals that may be targeted. “It’s why we do things like work with our Cyber Crime Investigation Group to share critical information relevant to law enforcement. We hope doing so will improve understanding of tactics and techniques that will enhance threat hunting capabilities and lead to stronger protections across the industry,” says their Report.

Sources: Google; Forbes; Express; OhMyMag
