Gmail Hackers Phished Victims for Months

Author: Paul Roberts
minute read

ED: Gmail Hackers Conned Victims for MonthsDEK: An independent security researcher says that victims of the account takeovers were repeatedly phished over almost a year by attackers believed to be located in China. An independent security researcher who was among the first to investigate a large scale phishing attack aimed at U.S. government and military personnel says that attackers controlled victim accounts for months and repeatedly phished victims during that time. Mila Parkour, a Washington D.C. based independent says that victims of the account takeovers were repeatedly phished over almost a year by attackers believed to be located in China. Victims of the attack included government and military personnel in the U.S. and Asian nations, as well as human rights activists and journalists in China and elsewhere, Google said on Wednesday. According to Parkour, the group or individuals responsible for the attack controlled those accounts for more than a year and repeatedly targeted both the legitimate account owner and his or her associates during that time. The attackers used spoofed e-mail addresses and information harvested from the victims’ accounts to engage in “mini conversations” with their victims, Parkour said. “They used personal knowledge for some phishes…they were very persistent and invasive,” she said. Among other things, the attackers continued to try to harvest online credentials from victims – user names and passwords – using the same technique they used, successfully, to gain access to- and control over the users gmail account. “They would send a new message with the same type (of) password harvesting technique. Sometimes even the same message sometimes (a) new (message),” said Parkour, who described herself as a IT administrator who researches malicious programs as a hobby. Google said in a blog post on Wednesday that it had disrupted the campaign, which it traced to  Jinan, China. The campaign affected hundreds of Gmail users, using malware and phishing attacks to harvest user login credentials. The campaign appears to have been designed to monitor the content of users’ email correspondence.An independent security researcher who was among the first to investigate a large scale phishing attack aimed at U.S. government and military personnel says that attackers controlled victim accounts for months and repeatedly phished victims during that time.

ED: Gmail Hackers Conned Victims for Months
DEK: An independent security researcher says that victims of the account takeovers were repeatedly phished over almost a year by attackers believed to be located in China. 
An independent security researcher who was among the first to investigate a large scale phishing attack aimed at U.S. government and military personnel says that attackers controlled victim accounts for months and repeatedly phished victims during that time. 
Mila Parkour, a Washington D.C. based independent says that victims of the account takeovers were repeatedly phished over almost a year by attackers believed to be located in China. 
Victims of the attack included government and military personnel in the U.S. and Asian nations, as well as human rights activists and journalists in China and elsewhere, Google said on Wednesday. According to Parkour, the group or individuals responsible for the attack controlled those accounts for more than a year and repeatedly targeted both the legitimate account owner and his or her associates during that time. 
The attackers used spoofed e-mail addresses and information harvested from the victims’ accounts to engage in “mini conversations” with their victims, Parkour said. 
“They used personal knowledge for some phishes…they were very persistent and invasive,” she said. 
Among other things, the attackers continued to try to harvest online credentials from victims – user names and passwords – using the same technique they used, successfully, to gain access to- and control over the users gmail account. 
“They would send a new message with the same type (of) password harvesting technique. Sometimes even the same message sometimes (a) new (message),” said Parkour, who described herself as a IT administrator who researches malicious programs as a hobby. 
Google said in a blog post on Wednesday that it had disrupted the campaign, which it traced to  Jinan, China. The campaign affected hundreds of Gmail users, using malware and phishing attacks to harvest user login credentials. The campaign appears to have been designed to monitor the content of users’ email correspondence.

An independent security researcher who was among the first to investigate a large scale phishing attack aimed at U.S. government and military personnel says that attackers controlled victim accounts for months and repeatedly phished victims during that time.

Mila Parkour, a Washington D.C. based independent says that victims of the account takeovers were repeatedly phished over almost a year by attackers believed to be located in China. Parkour said in an instant message conversation with Threatpost on Thursday that the group or individuals responsible for the attack controlled those accounts for more than a year and repeatedly targeted both the legitimate account owner and his or her associates during that time.  

Victims of the attack included government and military personnel in the U.S. and Asian nations, as well as human rights activists and journalists in China and elsewhere, Google said on Wednesday

Parkour is an IT administrator who lives in Washington D.C. She does malware research in her free time. Her blog, Contagiodump, was credited by Google with bringing the spear phishing e-mails to light. Parkour told Threatpost that she “collects samples from victims and other researchers” then posts them on the blog for sharing and analysis. She posted on the spear phishing e-mails in February not because they were unusual, but because of the sensitive nature of who they targeted.

According to Parkour, the attackers used spoofed e-mail addresses and information harvested from the victims’ accounts to engage in “mini conversations” with their victims. 

“They used personal knowledge for some phishes…they were very persistent and invasive,” she said, tailoring the spoofed sender address to the recipient based on knowledge gleaned from the compromised accounts. 

Among other things, the attackers continued to try to harvest other online credentials from victims – user names and passwords – using the same technique they used, successfully, to gain access to- and control over the users’ Gmail accounts. 

“They would send a new message with the same type (of) password harvesting technique. Sometimes even the same message sometimes (a) new (message),” said Parkour. 

Google said in a blog post on Wednesday that it had disrupted the campaign, which it traced to  Jinan, China. The campaign affected hundreds of Gmail users, using malware and phishing attacks to harvest user login credentials. The campaign appears to have been designed to monitor the content of users’ email correspondence.

Parkour said she felt that Google did a good job unraveling the scheme and to find other victims of it. “It looks like they exhausted all the leads and found out as much as they could to address it before going public,” she said. 

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.