
Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails.

Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, who stated that the activity seeks to impersonate the U.S. Department of State.

"From at least April through early June 2025, this actor targeted prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application specific passwords (ASPs)," GTIG researchers Gabby Roncone and Wesley Shields said. "Once the target shares the ASP passcode, the attackers establish persistent access to the victim's mailbox."

The activity has been attributed by Google to a threat cluster it tracks as UNC6293, which it says is likely affiliated with the Russian state-sponsored hacking group called APT29 (aka BlueBravo, Cloaked Ursa, CozyLarch, Cozy Bear, ICECAP, Midnight Blizzard, and The Dukes).

The social engineering unfolds over a span of several weeks to establish rapport with targets, rather than inducing a sense of pressure or urgency that might otherwise have raised suspicion. This involves sending benign phishing emails disguised as meeting invitations that include no less than four different fictitious addresses with the "@state.gov" email address in the…
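One mail-filter heuristic a defender could derive from the lure described above: flag a meeting invitation whose sender is outside a government domain but which CCs several addresses claiming that domain to borrow its credibility. This is an added illustration, not code from Google, GTIG or the Citizen Lab; the sample headers, addresses and the `min_cc` threshold are constructed placeholders, not indicators from the campaign.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample headers (not real campaign data) modelled on the tactic:
# an invite from a non-government mailbox that CCs four @state.gov lookalikes.
SAMPLE_LURE = """From: "Dr. Example" <example.lure@invalid.example>
To: target@university.example
Cc: a.placeholder@state.gov, b.placeholder@state.gov, c.placeholder@state.gov, d.placeholder@state.gov
Subject: Invitation: private discussion

Looking forward to our conversation.
"""

# Constructed benign message for comparison.
SAMPLE_BENIGN = """From: "Colleague" <colleague@university.example>
To: target@university.example
Cc: peer@university.example
Subject: Lunch

See you at noon.
"""

# Domains whose presence in CC lends false authority when the sender is elsewhere.
IMPERSONATED_DOMAINS = {"state.gov"}


def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if malformed."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lure_score(raw_message, impersonated=IMPERSONATED_DOMAINS, min_cc=2):
    """Inspect From/Cc headers; return a verdict dict with the reasons found."""
    msg = message_from_string(raw_message)
    senders = [a for _, a in getaddresses(msg.get_all("From", []))]
    sender_domain = domain_of(senders[0]) if senders else ""
    cc_addrs = [a for _, a in getaddresses(msg.get_all("Cc", []))]
    claimed = [a for a in cc_addrs if domain_of(a) in impersonated]
    reasons = []
    # Signal 1: authoritative domain appears only in CC, never as the sender.
    if claimed and sender_domain not in impersonated:
        reasons.append("sender outside impersonated domain but CCs it")
    # Signal 2: padding the CC list with several such addresses (hypothetical threshold).
    if len(claimed) >= min_cc:
        reasons.append(f"{len(claimed)} CC addresses claim {sorted(impersonated)}")
    return {"flagged": bool(reasons), "claimed_cc": claimed, "reasons": reasons}
```

The verdict is a review aid for a mail gateway or SOC triage, not a block decision on its own; a genuine government correspondent CCing colleagues would trip signal 2 but not signal 1.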