Latest news with #UNC6293

Forbes

Secure Your Gmail Now As Google Warns Of Password Attacks

Secure your Gmail account now as attacks confirmed. The Google Threat Intelligence Group has warned that UNC6293, a Russian state-sponsored hacking unit, is targeting Gmail users in a recent password-stealing threat campaign affecting users of the world's most popular email platform. This is just one of a string of attacks that stretch back over the years, but have now evolved to include sophisticated 2FA bypass threats, phishing attacks that appear to originate from Google itself, and highly believed hybrid attacks involving human hackers alongside AI-powered ones. Although Gmail is not the only email platform plagued by security threats, it's the large user base and the access to data that a Gmail account password provides that make it such an attractive target. Here's what you need to do to secure yours. How To Secure Your Gmail Account Against Password Hackers Gabby Roncone and Wesley Shields, from the Google Threat Intelligence Group, have published an in-depth report that confirmed one critical attack campaign, executed by Russian state-sponsored hackers who are part of the UNC6293 group, targeted Gmail users with lures designed to persuade them to create an application specific password to allow a third-party app access to their Gmail accounts. One such attack is described on LinkedIn by Kier Giles, a respected researcher of Russian power projections, who said, "Several of my email accounts have been targeted with a sophisticated account takeover that involved impersonating the U.S. State Department.' In mitigation of the UNC6293 application specific password attacks, the Google Threat Intelligence Group said that users have complete control over their ASP's and a notification is sent as soon as one is created to the Gmail account involved and any devices signed in using it, 'to ensure the user intended to enable this form of authentication.' Of course, these attacks involve a lot of social engineering, so protections need to run further than this, which is why Google operates the Advanced Protection Program 'intended for individuals at high risk of targeted attacks and exposure to other serious threats.' Using the APP, prevents an account from creating an ASP at all. More broadly, Gmail users are advised to take action to prevent Gmail hack attacks as follows: