Google: Phishers stole e-mail from U.S. officials, others
A phishing campaign compromised hundreds of accounts with targeted messages
IDG News Service - Google has disrupted what it believes to be a targeted phishing campaign aimed at stealing e-mail from government officials, contractors and military personnel.
The criminals behind the campaign have broken into hundreds of Gmail accounts belonging to "U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists," among others, Google said in a blog post published Wednesday.
The company believes that the accounts were compromised "likely through phishing" by a cyber campaign run out of Jinan, China. That's the city whose Lanxiang Vocational School was linked in a New York Times report last year to the December 2009 attacks on Google's back-end systems. The targets of the 2009 campaign were human rights activists, and activists were also hit by this recent phishing campaign, Google said.
The phishing campaign was first publicly disclosed by the blog Contagio Malware Dump, which reported in February that government personnel and contractors were being hit with what are known as spear-phishing attacks. These attacks use specially crafted e-mail messages, written to appear like they come from someone known to the victim.
Victims were sent spoofed e-mail messages that looked like they came from friends or partner agencies, including targets in the U.S. Department of State, the Office of the Secretary of Defense, and Defense Intelligence, Contagio Malware Dump reported. "The message is crafted to appear like it has an attachment with links like View Download and a name of the supposed attachment. The link leads to a fake Gmail login page for harvesting credentials," Contagio Malware Dump said.
Once they had access to the Gmail accounts, the hackers then forwarded e-mail to their own addresses and harvested the data they found in order to launch future attacks.
Although these spear-phishing attacks didn't affect a lot of users, attacks on Web-based e-mail accounts have become a common problem for companies such as Google, Microsoft and Yahoo. Just last month Microsoft patched a Web programming bug in its Hotmail service that allowed hackers to break into e-mail accounts. Security vendor Trend Micro said that that flaw was used to steal e-mail messages.
Webmail accounts are often hit with less sophisticated, widespread attacks, too. Scammers like hacked e-mail accounts because they can use them to circumvent spam filters. Even users who do not handle sensitive information routinely find their Webmail accounts broken into and used to promote things such as illegal pharmaceutical websites.
Google has notified the victims of the attack and secured their accounts. The company has also "notified relevant government authorities," it said in its blog post.
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
- The Critical Incident Response Maturity Journey As organizations rebalance their security defenses to combat today's sophisticated threats, they're recognizing that centralized incident response capabilities are key.
- Advanced Attacks Demand New Defenses Cyber-criminals wielding APTs have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss....
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!