
Hackers found a way to access Gmail, Outlook, and Yahoo inboxes

Iranian state-sponsored hackers have discovered ways to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, according to a report from the Google Threat Analysis Group (TAG).

The government-backed group known as Charming Kitten originally developed a hacking tool called Hyperscrape in 2020 and has used it to orchestrate the recent cyberattacks. TAG was able to obtain a version of this tool for analysis, TechRadar reported.


Google explained that the attack is stealthy and does not involve the typical step of tricking a user into downloading malware. Instead, hackers control the tool from their end, taking advantage of vulnerabilities, such as compromised account credentials or stolen session cookies, to access an account.

While this particular cyberattack may have been politically motivated, Google is clearly interested in how these vulnerabilities might be used by others in the future.

A recent report from Sophos details how cookie stealing is among the latest trends in cybercrime. Hackers use the method to bypass security measures such as multifactor authentication and access private databases.

In this case, once logged into the email account, hackers use the tool to trick the email service into thinking a browser is outdated, which then switches it to a basic HTML view. Then it changes the inbox language to English and opens emails individually to begin downloading them in a .eml format. The hackers then mark any opened emails as unread and delete any warning emails, set the inbox back to its original language, and exit.
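A defender-side sketch of the behaviour sequence described above, as an added example that is not from the article or from Google TAG. It scores each session in a hypothetical account audit log (the event schema, field names and sample events are all constructed) and flags sessions that show at least three of the four traits.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical audit schema (not a real mail-provider log format).
EVENTS = [
    {"session": "s1", "action": "view_mode", "value": "basic_html"},
    {"session": "s1", "action": "set_language", "old": "fa", "new": "en"},
    {"session": "s1", "action": "open_message", "msg": "m1"},
    {"session": "s1", "action": "mark_unread", "msg": "m1"},
    {"session": "s1", "action": "open_message", "msg": "m2"},
    {"session": "s1", "action": "mark_unread", "msg": "m2"},
    {"session": "s1", "action": "delete_message", "msg": "m9", "category": "security_alert"},
    {"session": "s1", "action": "set_language", "old": "en", "new": "fa"},
    {"session": "s2", "action": "set_language", "old": "fa", "new": "en"},
    {"session": "s2", "action": "open_message", "msg": "m3"},
    {"session": "s2", "action": "delete_message", "msg": "m4", "category": "promo"},
]

def session_signals(events):
    """Return the behavioural signals present in one session's time-ordered events."""
    signals, opened, hidden = set(), set(), set()
    original_lang = None
    for e in events:
        a = e["action"]
        if a == "view_mode" and e["value"] == "basic_html":
            signals.add("basic_html")
        elif a == "set_language":
            if original_lang is None and e["new"] == "en":
                original_lang = e["old"]            # remember what to expect on the way out
            elif original_lang is not None and e["new"] == original_lang:
                signals.add("language_round_trip")  # switched to English, then restored
        elif a == "open_message":
            opened.add(e["msg"])
        elif a == "mark_unread" and e["msg"] in opened:
            hidden.add(e["msg"])
        elif a == "delete_message" and e.get("category") == "security_alert":
            signals.add("alert_deleted")
    if len(opened) >= 2 and hidden == opened:       # every opened message was re-marked unread
        signals.add("reads_hidden")
    return signals

def flag_sessions(events, threshold=3):
    """Group events by session and return {session: signals} for sessions at or above threshold."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    scored = {sid: sorted(session_signals(evs)) for sid, evs in by_session.items()}
    return {sid: s for sid, s in scored.items() if len(s) >= threshold}
```

No single trait is conclusive on its own (a user may legitimately change language or re-mark mail as unread), which is why the sketch requires several together.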

Despite the tool's seemingly smooth execution, Google has learned a lot about the cyberattacks and has notified all of the known affected accounts through its Government Backed Attacker Warnings. TAG determined that the tool was written in .NET for Windows PCs and noted that attacks might work differently in Yahoo and Outlook inboxes. At this time, the security group has only tested the tool in Gmail.


Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…