
Latest news with #WesleyShields

Secure Your Gmail Now As Google Warns Of Password Attacks

Forbes

01-07-2025


Secure your Gmail account now as attacks confirmed. The Google Threat Intelligence Group has warned that UNC6293, a Russian state-sponsored hacking unit, is targeting Gmail users in a recent password-stealing threat campaign affecting users of the world's most popular email platform. This is just one of a string of attacks that stretch back over the years, but have now evolved to include sophisticated 2FA bypass threats, phishing attacks that appear to originate from Google itself, and highly believable hybrid attacks involving human hackers alongside AI-powered ones. Although Gmail is not the only email platform plagued by security threats, it's the large user base and the access to data that a Gmail account password provides that make it such an attractive target. Here's what you need to do to secure yours.

How To Secure Your Gmail Account Against Password Hackers

Gabby Roncone and Wesley Shields, from the Google Threat Intelligence Group, have published an in-depth report that confirmed one critical attack campaign, executed by Russian state-sponsored hackers who are part of the UNC6293 group, targeted Gmail users with lures designed to persuade them to create an application-specific password (ASP) to allow a third-party app access to their Gmail accounts. One such attack is described on LinkedIn by Keir Giles, a respected researcher of Russian power projections, who said, "Several of my email accounts have been targeted with a sophisticated account takeover that involved impersonating the U.S. State Department."

In mitigation of the UNC6293 application-specific password attacks, the Google Threat Intelligence Group said that users have complete control over their ASPs and a notification is sent as soon as one is created to the Gmail account involved and any devices signed in using it, 'to ensure the user intended to enable this form of authentication.'

Of course, these attacks involve a lot of social engineering, so protections need to run further than this, which is why Google operates the Advanced Protection Program 'intended for individuals at high risk of targeted attacks and exposure to other serious threats.' Using the APP prevents an account from creating an ASP at all. More broadly, Gmail users are advised to take action to prevent Gmail hack attacks as follows:

Google uncovers Russian malware 'LOSTKEYS' stealing files and system data

USA Today

08-05-2025

  • Politics

Alphabet's Google said on Wednesday it has identified new malware called "LOSTKEYS" tied to the Russian-based hacking group Cold River, which is capable of stealing files and sending system information to attackers.

The malware "marks a new development in the toolset" of Cold River, Wesley Shields, a researcher with Google Threat Intelligence Group, said in a blog.

Cold River, a name used to track hacking campaigns previously linked to Russia's Federal Security Service, is primarily known for stealing login credentials for high-profile targets, including those within NATO governments, non-governmental organizations and former intelligence and diplomatic officers, Shields said in the blog. The central goal was intelligence collection in support of Russian strategic interests.

Recent targets, observed in January, March and April 2025, include current and former advisers to Western governments and militaries, as well as journalists, think tanks and NGOs, and unnamed individuals connected to Ukraine, according to the blog. The Russian embassy in Washington did not immediately respond to a request for comment.

Past high-profile campaigns have included targeting three nuclear research laboratories in the U.S. in the summer of 2022, and the publishing of the private emails of former British spymaster Richard Dearlove, alongside pro-Brexit individuals, in an operation revealed in May 2022.

Reporting by Deborah Sophia in Bengaluru and AJ Vicens in Detroit; Editing by Arun Koyyur and Emelia Sithole-Matarise

Google identifies new malware linked to Russia-based hacking group

Indian Express

08-05-2025


The malware 'marks a new development in the toolset' of Cold River, Wesley Shields, a researcher with Google Threat Intelligence Group, said in a blog. Cold River, a name used to track hacking campaigns previously linked to Russia's Federal Security Service, is primarily known for stealing login credentials for high-profile targets, including those within NATO governments, non-governmental organizations and former intelligence and diplomatic officers, Shields said in the blog. The central goal was intelligence collection in support of Russian strategic interests.

Google identifies new malware linked to Russia-based hacking group

Straits Times

07-05-2025


WASHINGTON - Alphabet's Google said on May 7 it has identified new malware called 'LOSTKEYS', tied to the Russian-based hacking group Cold River, which is capable of stealing files and sending system information to attackers.

The malware 'marks a new development in the toolset' of Cold River, Mr Wesley Shields, a researcher with Google Threat Intelligence Group, said in a blog.

Cold River, a name used to track hacking campaigns previously linked to Russia's Federal Security Service, is primarily known for stealing login credentials for high-profile targets, including those within Nato governments, non-governmental organisations and former intelligence and diplomatic officers, Mr Shields said in the blog. The central goal was intelligence collection in support of Russian strategic interests.

Recent targets, observed in January, March and April 2025, include current and former advisers to Western governments and militaries, as well as journalists, think-tanks and NGOs, and unnamed individuals connected to Ukraine, according to the blog. The Russian embassy in Washington did not immediately respond to a request for comment.

Past high-profile campaigns have included targeting three nuclear research laboratories in the US in the summer of 2022, and the publishing of the private emails of former British spymaster Richard Dearlove, alongside pro-Brexit individuals, in an operation revealed in May 2022.

REUTERS

Google uncovers 'LOSTKEYS' malware linked to Russian-backed Cold River hackers

Mint

07-05-2025

  • Politics

Google has uncovered a new strain of malware, dubbed "LOSTKEYS", believed to be the work of Cold River, a Russian-aligned hacking group reportedly connected to the country's Federal Security Service (FSB), reported Reuters. According to a blog post published on Wednesday by Google's Threat Intelligence Group (GTIG), the newly identified malware represents a significant advancement in Cold River's cyber capabilities. LOSTKEYS is designed to steal files and transmit system data back to its operators, expanding the group's known toolkit for espionage. Wesley Shields, a researcher at GTIG, stated that the malware signals 'a new development in the toolset' used by the group, which has a history of targeting sensitive political and strategic entities. Cold River, also known under various aliases, has been linked to previous cyber operations aimed at high-profile Western individuals and institutions. The group's primary mission, experts say, is the collection of intelligence that furthers Russian geopolitical interests. Recent surveillance by Google's researchers shows that, between January and April 2025, Cold River targeted advisers—both current and former—to Western governments and military institutions. Other victims reportedly included journalists, international think tanks, non-governmental organisations, and individuals associated with Ukraine. The Russian embassy in Washington has yet to respond to requests for comment on the allegations. Cold River has previously drawn attention for its audacious operations. In mid-2022, the group was accused of targeting three nuclear research facilities in the United States. Later that year, it was implicated in the leaking of private emails belonging to former British intelligence chief Sir Richard Dearlove, alongside other individuals associated with pro-Brexit activities. 
Cybersecurity analysts warn that the emergence of LOSTKEYS underscores a broader escalation in cyber espionage tactics being employed by state-linked actors. Google has urged targeted organisations and individuals to remain vigilant and adopt updated security measures to mitigate potential risks.
