Date: 2022-08-24



Google’s Threat Analysis Group warns of new spy group Gmail threat

A newly released report from Google’s Threat Analysis Group (TAG) reveals that an Iranian government-backed espionage threat group has a new tool that has successfully hacked a small number of Gmail user accounts.

The group goes by the name Charming Kitten, but this cat is unattractive and has very sharp claws.

A report written by TAG’s Ajax Bash confirms that a tool called HYPERSCRAPE is “used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts.”

Bash has confirmed that the state-backed group behind HYPERSCRAPE successfully compromised a small number of Gmail accounts. “We have seen it deployed to less than 20 accounts located in Iran,” Bash said, adding that Google has notified affected users and has “taken steps to re-secure these accounts.”

What is HYPERSCRAPE?

The HYPERSCRAPE tool was first detected by Google TAG researchers in December 2021, but further investigation revealed that the oldest attacks date back to 2020.

It uses spoofing techniques to make itself look like an outdated web browser. This allows the tool to “see” the Gmail inbox in a basic HTML view. HYPERSCRAPE can scan the contents of compromised Gmail inboxes and other mailboxes and download email messages one by one. Once this process is complete, the emails are marked as unread and any Google security messages or warnings are removed.

Bash also said that some versions of the hacking tool were able to export all user data as a downloadable archive using the Google Data Export feature. It’s unclear if or why this feature was removed.

How dangerous is HYPERSCRAPE?

Clearly, HYPERSCRAPE is a very dangerous threat for those targeted by Charming Kitten. However, these targets are very carefully chosen and, as Bash states, only a handful of users are known to have been compromised. All these users were based in Iran.

Additionally, executing HYPERSCRAPE requires the attacker to have the victim’s user credentials. This also reduces the chances of everyday users being affected. If an attacker gets hold of a user’s credentials, it’s pretty much game over anyway.

In the case of HYPERSCRAPE, the attacker does not want the victim to know that their credentials have been compromised and their Gmail account accessed. Charming Kitten is an advanced persistent threat group that wants to be able to access compromised email repeatedly, at its leisure, by resetting mailboxes to their original state and removing all security warnings from Google to hide its tracks.

According to Bash, news of the discovery has been published to “raise awareness within the security community of malicious actors like Charming Kitten and of high-risk individuals and organizations who may be targeted by threat groups.”

Mitigate the threat of HYPERSCRAPE and other Gmail attacks

If you fall into one of these categories, Google recommends joining the Advanced Protection Program (APP) and taking advantage of enhanced Safe Browsing at the Google account level.

If not, you should continue to focus on security, even though the risk of falling victim to HYPERSCRAPE is low. HYPERSCRAPE sits at the extreme end of the threat spectrum, but if you use weak passwords and don’t implement two-factor authentication for your Google accounts, you’re a target for everyday cybercriminals. Controlling your Gmail account is like having the keys to the hacking kingdom. Password reset links sent by email, bank account details, and personal data can all lead to huge security disruption, which can be avoided by having a better basic security posture.

