Gmail double authentication no longer:
Russian hackers, suspected of belonging to the APT29 group (alias Cozy Bear), managed to circumvent Gmail's two-factor authentication without exploiting any technical flaw, but by targeting the weak link in the chain: humans. We take stock of this social engineering operation of rare sophistication, which targeted researchers and critics of the Russian regime.
Keir Giles, a British specialist in Russian influence operations, thought he was used to phishing attempts. But he, like other experts, researchers, and critics of the Russian regime, was the target of a new kind of attack: no fraudulent link, no malicious software, but a social engineering operation of formidable patience.
In two reports published on June 18, 2025, Google Threat Intelligence Group and The Citizen Lab describe the modus operandi of this attack, which relies on an often overlooked feature of Gmail mailboxes: the application password.


An attack built on patience
For Keir Giles, it all started with an email signed Claudie S. Weber, a purported US State Department official, inviting him to a confidential meeting. The exchange stretched over several weeks: impeccable English, fake official addresses in copy, invitations to fictitious meetings… The hackers, suspected of belonging to the APT29 group (alias Cozy Bear), took care of every detail to gain the confidence of their target.


Their goal? To get the British researcher to generate and send them an ASP, a Google “application-specific password”. This little-known feature allows older, less secure applications to access a Gmail account directly, even when two-factor authentication is enabled.
To justify the maneuver, the hackers explain that this password is necessary to access a secure platform or confidential documents. They present it as a normal, mandatory procedure for enrolling the email address in protected areas. The hackers even provide detailed PDF guides explaining step by step how to create and transmit the application password.
No malware or fraudulent link. Everything is based on trust and psychological manipulation.


Google recommends further securing at-risk accounts
Google specifies that it has observed and secured several Gmail accounts compromised in these campaigns, which shows that this was not an isolated case but a wider operation aimed at multiple high-risk people.
“It is not a technical flaw of Gmail, but an abuse of a legitimate functionality, thanks to very advanced social engineering,” says Shane Huntley, head of the Threat Analysis Group at Google.
Google has since secured the compromised accounts and recommends that people at risk enable its Advanced Protection Program, a special configuration for Gmail accounts designed to reduce the risk of hacking as much as possible, and which notably prohibits the creation of these application passwords.
