Profile
A new phishin...
Russian Hackers Use Gmail Phishing to Target Critics
June 24, 2025 -
2 minutes, 49 seconds
Russian hackers Gmail phishing campaign: What you need to know
A new phishing campaign led by Russian hackers is targeting Gmail users, specifically international critics and academics. The attackers are impersonating the U.S. State Department to trick users into sharing their Gmail app-specific passwords. If you're wondering how Russian hackers Gmail phishing scams work and who’s at risk, here’s what’s happening—and how to stay safe.
How the Russian phishing attack works
This sophisticated campaign, attributed to a group Google tracks as UNC6293, begins with emails spoofed to appear as if they come from legitimate @state.gov addresses. These aren't your typical phishing messages. Instead of deploying malware immediately, the hackers use slow, calculated social engineering to build trust. Victims are often drawn into one-on-one communication, sometimes even receiving personalized messages or fake meeting invites from supposed U.S. officials.
App-specific password theft through fake invitations
One key technique in this Russian hackers Gmail phishing scam is the use of fake Google sign-in processes. Victims are sent what appears to be a secure PDF invitation from the U.S. Department of State, asking them to log into a Department of State cloud environment. In reality, this is a well-crafted fake website. Victims are asked to generate a 16-character app-specific password (ASP) at Google’s official settings page—then unknowingly share it with the attackers, giving them direct access to their Gmail accounts.
Who is being targeted and why it matters
The primary targets include academics, researchers, and vocal critics of the Russian regime. For example, Keir Giles, a British expert on Russian affairs, revealed that several of his accounts had been targeted in this exact manner. Google’s Threat Intelligence Group believes this effort may be tied to APT29 (also known as Cozy Bear), a Russian state-backed group previously involved in cyberespionage. The deliberate nature of this campaign shows how far state-sponsored hackers will go to silence dissent and collect sensitive information.
Related Posts
Photos
Contact Information
Suggested Writers
-
2.4K articles
-
1.3K articles
-
34 articles
-
28 articles








Comment