Google Reveals Attack On Gmail
Hundreds of personal accounts, including those of senior U.S. government officials, are affected
Google this week revealed a phishing attack that targets users of its Gmail accounts, including well-known government officials.
"Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing," Google said in a blog.
"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries ]predominantly South Korea], military personnel, and journalists.
"The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings," the blog states.
Google said it has "disrupted" the phishing campaign, notified the victims, and "secured" their accounts. The search engine giant said it has notified government authorities.
"It’s important to stress that our internal systems have not been affected -- these account hijackings were not the result of a security problem with Gmail itself," Google states.
Many security vendors and experts offered their perspectives on the Gmail attack.
"This Google attack is another example that supports the premise that if your organization has any electronically stored information that could be of value to someone or some other organization, then you should assume that an attempt to access it will be made though some type of cyber attack or social engineering attempt," said Mike Paquette, chief strategy officer at Top Layer Security.
"Phishing attacks are requiring less user intervention," Paquette said. "In fact, today, many of these attacks are no longer directly 'asking' users to provide sensitive information, but instead rely on tempting the user to click on a hyperlink, launching their Web browser to a malicious website that will remotely exploit their computer, depositing malware that will simply steal the sensitive information and exfiltrate it."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024