Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Intelligence

Iranian Gmail accounts targeted by state-sponsored attack

Google revealed that tens of thousands of Gmail accounts belonging to Iranian users have been targeted by state-sponsored attacks. The Google company announced that tens of thousands of Gmail accounts of Iranian users have been targeted hacked. The attacks seem to be organized by a group of state sponsored hackers few days before presidential elections. The […]

Iranian Gmail accounts targeted by state-sponsored attack

Google revealed that tens of thousands of Gmail accounts belonging to Iranian users have been targeted by state-sponsored attacks.

The Google company announced that tens of thousands of Gmail accounts of Iranian users have been targeted hacked. The attacks seem to be organized by a group of state sponsored hackers few days before presidential elections.

The eleventh election for President of the Republic of Iran are held in June, 2013, with a first round on Friday, 14 June,  with a possible runoff  on June 21th.

Google this week warned of increased phishing activity, during the last days the company declared to have detected various suspicious activities, following a portion of the bulletin:

“For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.” declared Eric Grosse Vice President of Security Engineering.

Gmail accounts  Phishing Email

The phishing attacks try to deceive users with emails which appear official, they highjack victims to websites that ask to the victims to reveal data including usernames, passwords, and credit card details.

Just one year ago Google announced a service to provide specific protection for a restrict number of users that could be target for a state-sponsored attack. Every user potentially at risk was advised with a message like the one proposed in the following picture:

Of course the message is just an alert and it must be clear that it doesn’t give the certainty that account has been hacked, it’s a communication to inform the user that its account could be victims of a phishing campaign, of an APT attack or of a malware. The purpose of the initiative is to mitigate or prevent potential damage caused by the attack.

That Google alert remarked

“It’s important to note that Google’s internal systems are not compromised and that this message does not refer to one specific campaign,” the page read. “We routinely receive abuse reports from users, as well as from our internal systems that monitor for suspicious login attempts and other activity.”

Google hasn’t identified the attackers that seem to be the same group behind a Gmail hacking campaign in 2011, in that occasion hackers used for MITM attacks fraudulent digital certificates.

The advisory provided also some suggestion to the Iranian users to protect their Gmail accounts activating 2FA process of authentication provided by the company and verifying the URL visited.

if you are in Iran, we encourage you to take extra steps to protect your account,” continued Eric Grosse.

Iranian Government is considered one of the most intrusive, the regime applies a strict censorship and its surveillance apparatus is considered one of the most advanced. Early 2012 the government blocked VPN access meanwhile Google services were blocked in October.

Following a few suggestions I proposed in my previous post:

  • To enable 2-step verification as additional security.
  • To maintain systems and application updated (e.g. Browser).
  • To check if your Gmail messages are being forwarded without user’s permission

Pierluigi Paganini

(Security Affairs – Iran, Gmail accounts)