Skip to main content
  1. Home
  2. Computing
  3. News

Hackers found a way to access Gmail, Outlook, and Yahoo inboxes

Fionna Agomuoh
By

Iranian state-sponsored hackers have discovered ways to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, according to a report from the Google Threat Analysis Group (TAG).

The government-backed group known as Charming Kitten originally developed a hacking tool called Hyperscape in 2020 and has used it to orchestrate the recent cyberattacks. TAG was able to get a hold of a version of this tool for analysis, TechRadar reported.

NurPhoto/Getty Images

Google explained that the attack works in a stealth fashion where there is no typical hacking ritual, such as tricking a user into downloading malware. Instead, hackers control the tool from their end, taking advantage of vulnerabilities, such as compromised account credentials or stolen session cookies, in order to access an account.

Related

While this particular cyberattack may have been politically motivated, Google is clearly interested in how these vulnerabilities might be used by others in the future.

A recent report from Sophos details how cookie stealing is among the latest trends in cybercrime. Hackers use the method to bypass security measures such as multifactor authentication and access private databases.

In this case, once logged into the email account, hackers use the tool to trick the email service into thinking a browser is outdated, which then switches it to a basic HTML view. Then it changes the inbox language to English and opens emails individually to begin downloading them in a .eml format. The hackers then mark any opened emails as unread and delete any warning emails, set the inbox back to its original language, and exit.

Despite its seemingly smooth execution, Google has learned a lot about the cyberattacks and has notified all of the known accounts that were affected through its Government Backed Attacker Warnings. TAG has deciphered that the tool was written in .NET for Windows PCs and noted attacks might work differently in Yahoo and Outlook inboxes. At this time, the security group has only tested the tool in Gmail.

Editors' Recommendations

Topics
The 6 biggest problems with ChatGPT right now
ChatGPT and OpenAI logos.
Hack involved the data of a nation’s entire population
A depiction of a hacker breaking into a system via the use of code.
Hackers dug deep in the massive LastPass security breach
The LastPass logo appears in front of a menacing hooded figure.
These 7 AI creation tools show how much AI can really do
Metaphor works like DALL-E and Stable Diffusion but uses AI to fill in prompts with links instead of text or images.
The Galaxy Book 3 Ultra is Samsung’s most powerful laptop ever
Samsung Galaxy Book3 Ultra laptop.
Nvidia may have another monster GPU in the works, and the price could be outrageous
GeForce RTX logo is shown on the side of a graphics card.
AMD’s Ryzen 9 7950X3D pricing keeps the pressure on Intel
A hand holding AMD's Ryzen 9 7950X3D processor.
What is ChatGPT Plus? Everything we know about the premium tier
Close up of ChatGPT and OpenAI logo.
ChatGPT Plus to bring priority access during peak times — at a hefty price
ChatGPT and OpenAI logos.
Usually $3,879, this Lenovo laptop is down to $1,479 today
Opened Lenovo ThinkPad X1 Extreme Gen 4 sitting on the ground.
Get this Asus gaming laptop with an RTX 3060 while it’s $400 off
A side view of an Asus ROG Zephyrus gaming laptop on a white background.
All of Samsung’s videos from today’s Galaxy Unpacked event
Samsung's Galaxy S23 Ultra phone.
Best 2-in-1 laptop deals: Save on Dell, Lenovo, HP and more
A woman uses the trackpad of the HP 14-inch 2-in-1 touch laptop.