Skip to main content

Hackers found a way to access Gmail, Outlook, and Yahoo inboxes

Iranian state-sponsored hackers have discovered ways to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, according to a report from the Google Threat Analysis Group (TAG).

The government-backed group known as Charming Kitten originally developed a hacking tool called Hyperscape in 2020 and has used it to orchestrate the recent cyberattacks. TAG was able to get a hold of a version of this tool for analysis, TechRadar reported.

NurPhoto/Getty Images

Google explained that the attack works in a stealth fashion where there is no typical hacking ritual, such as tricking a user into downloading malware. Instead, hackers control the tool from their end, taking advantage of vulnerabilities, such as compromised account credentials or stolen session cookies, in order to access an account.

Recommended Videos

While this particular cyberattack may have been politically motivated, Google is clearly interested in how these vulnerabilities might be used by others in the future.

Please enable Javascript to view this content

A recent report from Sophos details how cookie stealing is among the latest trends in cybercrime. Hackers use the method to bypass security measures such as multifactor authentication and access private databases.

In this case, once logged into the email account, hackers use the tool to trick the email service into thinking a browser is outdated, which then switches it to a basic HTML view. Then it changes the inbox language to English and opens emails individually to begin downloading them in a .eml format. The hackers then mark any opened emails as unread and delete any warning emails, set the inbox back to its original language, and exit.

Despite its seemingly smooth execution, Google has learned a lot about the cyberattacks and has notified all of the known accounts that were affected through its Government Backed Attacker Warnings. TAG has deciphered that the tool was written in .NET for Windows PCs and noted attacks might work differently in Yahoo and Outlook inboxes. At this time, the security group has only tested the tool in Gmail.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Experts found a record number of zero-day hacks in 2021
A digital depiction of a laptop being hacked by a hacker.

Google has published the 2021 review of Project Zero, revealing a record amount of zero-days exploits (labeled as “one of the most advanced attack methods”) exhibited by some of the world’s largest technology companies.

Project Zero is an initiative started by Google in 2014 aimed at detailing security defects known as zero-day exploits. These vulnerabilities are dangerous as they essentially remain undetected unless a mitigation system has been implemented, thus leaving systems, databases, and the like completely exposed to hackers.

Read more
How to change your Gmail Inbox theme
Stock Photo Person Using Email

Personalization is everywhere in computing -- for example, take desktop wallpapers and fancy mouse cursors. You customize practically everything about your computing and online life, so why not take a shot at sprucing up your Gmail inbox, too?

The default red and white color scheme of a Gmail inbox can be pretty drab, and it doesn't take much to enhance your inbox theme with brighter colors or stunning photographs. In fact, changing your inbox theme in Gmail is actually pretty easy. If you've never done it before and want to try it out, read on to check out our simple and quick guide to changing the theme of your Gmail inbox.
How to change your Gmail inbox theme
Step 1: Open your browser and go to your Gmail account. Log in to your account.

Read more
Microsoft’s Copilot Vision arrives to surf the web with select users
The Copilot logo

Microsoft's new Copilot Vision feature that can “see what you see, and hear what you hear” while you navigate the internet is finally being made available, though only to a limited number of Copilot Pro subscribers in the U.S.

"Starting today, we are introducing an experience where – with your permission – Copilot can now understand the full context of what you’re doing online," according to a Microsoft blog post. "When you choose to enable Copilot Vision, it sees the page you're on, it reads along with you, and you can talk through the problem you're facing together."

Read more