Hackers have a new tool that downloads Gmail, Yahoo, Outlook inboxes
Iranian state-sponsored actors are behind the attacks, says Google
Iranian state-sponsored hackers have built a new tool capable of downloading Gmail, Yahoo, and Outlook inboxes, and are using it against unknown high-profile targets.
This is according to a new report from Google’s Threat Analysis Group (TAG), which managed to obtain a version of the tool and perform an analysis to see just how dangerous it is.
As per the report, the tool in question is called HYPERSCAPE, and was built back in 2020 by the government-backed group known as Charming Kitten.
Charming Kitten attacks
According to Google, the tool works on the attacker’s endpoint, which means victims don’t have to be tricked into downloading any malware. They do, however, need to either have their account credentials compromised or session cookies stolen, as the attacker first needs to log into their account.
Once that step is achieved, the tool will trick the email service into thinking it’s being accessed via an outdated browser, and will switch to the basic HTML view.
After that, it will change the inbox’s language to English, start opening emails one by one, and download them into the .eml format. Email messages that were marked as unread before the attack will be marked as unread afterward as well. Once that stage is done, it will delete any warning emails, revert the language back to its original state and disappear.
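The session behaviour described above (basic HTML view, locale switched to English and later reverted, rapid one-by-one message opens, security warning emails deleted) leaves a recognisable footprint in account activity data. The following is an added detection example, not code from the article or from Google TAG; it runs over a constructed, hypothetical activity log whose event names and fields are assumptions rather than any real provider’s audit format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: (timestamp, session_id, event, detail).
# Session s1 mimics the scraping pattern; s2 is ordinary user activity.
SAMPLE_EVENTS = [
    ("2020-06-01T09:00:00", "s1", "login", "legacy-browser"),
    ("2020-06-01T09:00:05", "s1", "view_mode", "basic_html"),
    ("2020-06-01T09:00:10", "s1", "locale_change", "en"),
    ("2020-06-01T09:02:00", "s1", "delete_message", "Security alert: new sign-in"),
    ("2020-06-01T09:02:05", "s1", "locale_change", "fa"),
    ("2020-06-01T10:00:00", "s2", "login", "modern-browser"),
    ("2020-06-01T10:00:30", "s2", "open_message", "msg1"),
]
# Forty messages opened one per second within session s1.
SAMPLE_EVENTS += [("2020-06-01T09:01:%02d" % i, "s1", "open_message", f"msg{i}")
                  for i in range(40)]

OPEN_THRESHOLD = 20   # assumed tuning values, not from the report
OPEN_WINDOW_S = 600

def score_session(events):
    """Return (score, reasons) for one session's events, already in time order."""
    by_kind = defaultdict(list)
    for ts, _sid, kind, detail in events:
        by_kind[kind].append((ts, detail))
    reasons = []
    if any(d == "basic_html" for _, d in by_kind["view_mode"]):
        reasons.append("switched to basic HTML view")
    locales = [d for _, d in by_kind["locale_change"]]
    if len(locales) >= 2 and locales[0] == "en" and locales[-1] != "en":
        reasons.append("locale set to en, then reverted")
    opens = by_kind["open_message"]
    if len(opens) >= OPEN_THRESHOLD:
        first, last = (datetime.fromisoformat(opens[i][0]) for i in (0, -1))
        span = (last - first).total_seconds()
        if span <= OPEN_WINDOW_S:
            reasons.append(f"{len(opens)} messages opened within {int(span)}s")
    if any("security alert" in d.lower() for _, d in by_kind["delete_message"]):
        reasons.append("security alert email deleted")
    return len(reasons), reasons

def find_suspicious_sessions(events, min_score=3):
    """Group events by session and return {session_id: reasons} for hits."""
    sessions = defaultdict(list)
    for ev in sorted(events):            # ISO timestamps sort lexically
        sessions[ev[1]].append(ev)
    hits = {}
    for sid, evs in sessions.items():
        score, reasons = score_session(evs)
        if score >= min_score:
            hits[sid] = reasons
    return hits
```

Any one signal on its own is normal user behaviour; the value is in requiring several of them inside a single session.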
Apparently, the tool has so far been used against no more than two dozen accounts, all located in Iran. Google says it notified all of them via its Government Backed Attacker Warnings. The tool was written in .NET for Windows PCs, TAG added, saying it tested it with Gmail, “although functionality may differ for Yahoo! and Microsoft accounts”.
Earlier versions of HYPERSCAPE also allowed threat actors to request data from Google Takeout, a feature allowing users to export their data to a downloadable archive file. The feature doesn’t seem to be available in the latest version, however.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.