10/ Takeaway: some gov-backed groups are feeling pressure & experimenting.
Moving from smash & grab phishing... to subtler, slower & perhaps less detectable.
By me @jsrailton.bsky.social with Rebekah Brown & @billmarczak.org
https://citizenlab.ca/2025/06/russian-government-linked-social-engineering-targets-app-specific-passwords/
Comments
But it's just part of a trend of state-backed attackers innovating.
The folks @volexity.com have some great recent work on similar novel Russian attacks.
https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows/
It's great that GTIG decided to post on this & go public with attribution.
Helpful to victims & other research teams that don't share Google's terrifying actor visibility.
By Gabby Roncone & @wxs.bsky.social
https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia
https://bsky.app/profile/keirgiles.bsky.social/post/3lrja4oxuo22e
Big props to my coauthors Rebekah Brown & @billmarczak.org
& the many colleagues, collaborators & coworkers that jumped in here to help out and get this report done!
We are all safer when people share their experiences with hacking & social engineering. They are paying it forwards.
- As a troll
- Coincidence, didn't notice (are they zoomers?)
- As a credibility enhancing thing
- An LLM came up with it
- ....?