Google Reveals Attack On Gmail

Hundreds of personal accounts, including those of senior U.S. government officials, are affected



Google this week revealed a phishing attack that targets users of its Gmail accounts, including well-known government officials.

"Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing," Google said in a blog.

"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries ]predominantly South Korea], military personnel, and journalists.

"The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings," the blog states.

Google said it has "disrupted" the phishing campaign, notified the victims, and "secured" their accounts. The search engine giant said it has notified government authorities.

"It’s important to stress that our internal systems have not been affected -- these account hijackings were not the result of a security problem with Gmail itself," Google states.

Many security vendors and experts offered their perspectives on the Gmail attack.

"This Google attack is another example that supports the premise that if your organization has any electronically stored information that could be of value to someone or some other organization, then you should assume that an attempt to access it will be made though some type of cyber attack or social engineering attempt," said Mike Paquette, chief strategy officer at Top Layer Security.

"Phishing attacks are requiring less user intervention," Paquette said. "In fact, today, many of these attacks are no longer directly 'asking' users to provide sensitive information, but instead rely on tempting the user to click on a hyperlink, launching their Web browser to a malicious website that will remotely exploit their computer, depositing malware that will simply steal the sensitive information and exfiltrate it."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service