Google Issues A Warning To Gmail Users

Google’s is warning users of its popular email service Gmail that there has been a security breach that makes it possible for hackers to read their emails and that some users may have been exposed for an entire year. The threat was detected by Google’s Threat Analysis Group (TAG) which disclosed that the threat is targeting a small group of users based in Iran.

In the same as many other malware  threats work, it begins with victims being sent a message which they are tricked into clicking on and downloading an attached document. If a Gmail user downloads the malicious file, then it will covertly install an extension onto their browser.

According to the Google TAG Report, the threat is from an espionage group which it says is backed by the Iranian government. “As part of TAG's mission to counter serious threats to Google and our users, we've analysed a range of persistent threats including APT35 and Charming Kitten, an Iranian government-backed group that regularly targets high risk users... For years, we have been countering this group’s efforts to hijack accounts, deploy malware, and their use of novel techniques to conduct espionage aligned with the interests of the Iranian government. Now, we’re shining light on a new tool of theirs.” 

The threat group known as Charming Kitten runs the tool called Hyoerscraoe, designed to steal user data from email services including Gmail, Yahoo and Outlook. According to TAG, the attacker runs Hyperscape on their own machine to download victims’ inboxes using previously acquired credentials.

In order for Hyperscrape to be executed, the attackers need to have already acquired the victim's user credentials.  Once logged in, the tool changes the account’s language settings to English and iterates through the contents of the mailbox, individually downloading messages as .eml files and marking them unread. After the programme has finished downloading the inbox, it reverts the language back to its original settings and deletes any security emails from Google.

Google has since notified the affected users while taking action to re-secure those accounts. Although only a handful of carefully-selected Iran-based users of Gmail were targeted by Hyperscrape, for those people affected, having their emails intercepted places them in personal danger.

TAG is committed to sharing research to raise awareness on bad actors like Charming Kitten within the security community, and for companies and individuals that may be targeted. “It’s why we do things like work with our Cyber Crime Investigation Group to share critical information relevant to law enforcement. We hope doing so will improve understanding of tactics and techniques that will enhance threat hunting capabilities and lead to stronger protections across the industry, “says their Report.

Google:     Google:     Forbes:    Express:    OhMyMag

You Might Also Read: 

The Top 3 Current Email Threats:

 

« US Government Will Invest $15 Billion In National Cyber Security
How To Prepare For A Cyber Crisis »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

Guy Carpenter

Guy Carpenter

Guy Carpenter delivers a powerful combination of broking expertise, strategic advisory services, and industry-leading analytics.

Maritime Cyber Alliance

Maritime Cyber Alliance

Maritime Cyber Alliance was established in 2017 by Airbus , CSOAlliance , MCSA & Wididi to provide a medium for both public Cyber Safety advice and for businesses to discuss Cyber concerns.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Agesic

Agesic

Agesic is an institution that leads the development of the Digital Government and the Information and Knowledge Society in Uruguay.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

spiderSilk

spiderSilk

spiderSilk is a Dubai-based cybersecurity firm, specializing in simulating the most advanced cyber offenses on your technology so you can build your best security defenses.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

Cheops Technology

Cheops Technology

Cheops is a specialist in IT Business Technology Services. We help SMEs and large companies build, optimize and manage their IT so they can focus on their core business.

Total Secure Technology

Total Secure Technology

Total Secure Technology provides trusted Managed IT Security and Managed IT Services for organizations looking to increase their cybersecurity defensive posture.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.