Skip to main content
  1. Home
  2. Computing
  3. News

Hackers found a way to access Gmail, Outlook, and Yahoo inboxes

Fionna Agomuoh
By

Iranian state-sponsored hackers have discovered ways to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, according to a report from the Google Threat Analysis Group (TAG).

The government-backed group known as Charming Kitten originally developed a hacking tool called Hyperscape in 2020 and has used it to orchestrate the recent cyberattacks. TAG was able to get a hold of a version of this tool for analysis, TechRadar reported.

NurPhoto/Getty Images

Google explained that the attack works in a stealth fashion where there is no typical hacking ritual, such as tricking a user into downloading malware. Instead, hackers control the tool from their end, taking advantage of vulnerabilities, such as compromised account credentials or stolen session cookies, in order to access an account.

While this particular cyberattack may have been politically motivated, Google is clearly interested in how these vulnerabilities might be used by others in the future.

A recent report from Sophos details how cookie stealing is among the latest trends in cybercrime. Hackers use the method to bypass security measures such as multifactor authentication and access private databases.

In this case, once logged into the email account, hackers use the tool to trick the email service into thinking a browser is outdated, which then switches it to a basic HTML view. Then it changes the inbox language to English and opens emails individually to begin downloading them in a .eml format. The hackers then mark any opened emails as unread and delete any warning emails, set the inbox back to its original language, and exit.

Despite its seemingly smooth execution, Google has learned a lot about the cyberattacks and has notified all of the known accounts that were affected through its Government Backed Attacker Warnings. TAG has deciphered that the tool was written in .NET for Windows PCs and noted attacks might work differently in Yahoo and Outlook inboxes. At this time, the security group has only tested the tool in Gmail.

Editors' Recommendations

Google’s new privacy tool lets you know if your personal info was leaked
A Google presenter announcing alerts for personal info.
New malware can steal your credit card details — and it’s spreading fast
An individual surrounded by several computers typing on a laptop.
This new Windows 11 feature will help you protect your passwords
A man sits, using a laptop running the Windows 11 operating system.
Instagram is building a ‘nudity protection’ tool for your DMs
Instagram app on the Google Play Store on an Android smartphone.
Best laser printer deals: Save on Brother and Canon today
A person uses a smartphone to print something with a Brother MFC-L2710DW wireless monochrome laser printer on an office table.
The best gaming laptops in 2022
2019 Razer Blade Pro 17
The best Wi-Fi 6 routers for 2022
The Nighthawk RAXE300 on a tabletop in a home.
The best Chromebooks for 2022: great choices at every price point
Close up of the Chrome logo on the top of a Chromebook.
Best Chromebook deals for October 2022
Google Meets on an HP Chromebook.
Best HP Envy deals for October 2022
An HP Envy 17-inch laptop sits on an office desk.
Best desktop computer deals for October 2022
The HP Pavilion desktop computer accompanied by two gaming monitors and a colorful gaming keyboard.
Best VPN deals and sales for October 2022
A close-up of a computer monitor displaying a generic VPN.
Best refurbished laptops deals and sales for October 2022
microsoft surface laptop go 2020 on desk