Google has published an article that confirms hackers bypassed Gmail's multifactor authentication (MFA) to breach an individual's account. No, it probably won't happen to you, because this was a targeted attack.
The Google Threat Intelligence Group (GTIG) has explained what happened on Google's blog. It worked with Citizen Lab, which is known for its investigative reports, to probe the incident.
GITG had observed that hackers had crafted a sophisticated, personal, social engineering attack to target Keir Giles, a prominent British researcher on Russia. Google's team has labeled the threat actor as UNC6293, a likely Russia state-sponsored cyber actor, and links them with low confidence to APT29 / ICECAP (also called Cozy Bear), which has ties to Russia's Foreign Intelligence Service (SVR).
We have seen phishing attacks that involved messaging apps, and mercenary spyware such as Pegasus, but these hackers used a new technique. They had taken precautions to prevent Mr. Giles from getting suspicious. On May 22, 2025, the attackers impersonated a U.S. State Department official, "Claudie S. Weber", in an email that invited Mr. Giles for a private online consultation to discuss something in his field of expertise. The hacker simply used a Gmail address, but had CC-ed 4 @state.gov email addresses, likely to pose as a legitimate sender, and they had sent the email during Washington D.C. working hours too. In reality, the .gov addresses likely do not exist. Citizen Lab says that the language and grammar seems to suggest that the hackers had used a large language model or some similar AI tools to craft the emails.
Mr. Giles replied that the date may not work for him, to which the attacker replied inviting him to register for an account the State Department’s “MS DoS Guest Tenant” platform, where he would be able to attend future meetings with ease, wherever they take place. About 10 email exchanges later, the hacker sent the victim a PDF file with details on how to register for the said account. The PDF in question was carefully crafted to look like an official document and contained markings, revision history.
This is where the mystery unfolded, as the PDF contained instructions to create an app-specific password for his Gmail account. Google says that this threat actor had targeted prominent academics and critics of Russia from early April to June 2025, building rapport, luring them to set up app specific passwords (ASPs), which they then exploit to gain persistent access to the victim's mailbox. Unfortunately, Mr. Giles was tricked by the patient, clever hackers, into creating ASPs for his accounts.
Google says it identified the attack and managed to lock down the impacted accounts, while blocking the attacker's emails. This is when Mr. Giles had discovered that a suspicious login attempt had been made in early June. An extensive report of the incident has been published by the security researches at Citizen Lab.
GITG says there was a similar-crafted attack that involved a campaign with a Ukrainian theme and a Microsoft ASP, where the attackers directed the target to share the app specific password with them, to set up a mail client and spy on their email correspondence.
This is a rare case scenario in which attackers targeted a person of interest. I'm not saying this won't happen to us commoners, but the fact that app specific passwords were used to hack the account is concerning. Just be careful which app you're signing in to using ASPs, or avoid them altogether and use OAuth to sign in to apps with your Google account, or Apple's, etc. In case you fear being state sponsored attacks, you can enable Lockdown Mode on your iPhone, or Advanced Protection Mode on Android.
While we are on the topic of security, there are reports circling around which state that 16 Billion passwords were exposed in a data breach, and that this data includes user credentials for Google, Facebook, Apple, etc. Bleeping Computer says this wasn't a breach at all, rather this is just a dataset, i.e. a collection of previous data breaches.
Google recently advised users to stop using passwords in favor of passkeys, and social sign-ins. I think this story provides some better context to its recommendation.
The Velvet Sundown burst onto the music scene in early June and in the space of just a few weeks gained an astonishing 400,000 monthly listeners on Sp
I had an experience this week which forcefully reminded me that ChatGPT and Google’s Gemini were great but not perfect. And to be clear, I have jumped
As AI starts dominates the technology landscape, it becomes more and more appealing to give the software a try, however it can be somewhat intimidatin
Android devices have offered a built-in screen reader feature called TalkBack for years. It helps people with vision problems to make sense of what ap
In a showcase of where audio tech is headed, Soundcore, the premium sub-brand of Anker Innovations, took the stage at Microsoft Build 2025 this week w
ChatGPT’s recent image generation capabilities have challenged our previous understanding of AI-generated media. The recently announced GPT-4o model d
I remember when ChatGPT first appeared, and the first thing everyone started saying was “Writers are done for.” People started speculating about news
Everyone’s heard the expression, “Politeness costs nothing,” but with the advent of AI chatbots, it may have to be revised.Just recently, someone on X
We are a comprehensive and trusted information platform dedicated to delivering high-quality content across a wide range of topics, including society, technology, business, health, culture, and entertainment.
From breaking news to in-depth reports, we adhere to the principles of accuracy and diverse perspectives, helping readers find clarity and reliability in today’s fast-paced information landscape.
Our goal is to be a dependable source of knowledge for every reader—making information not only accessible but truly trustworthy. Looking ahead, we will continue to enhance our content and services, connecting the world and delivering value.
