Skip to main content
  1. Home
  2. Computing
  3. News

Hackers found a way to access Gmail, Outlook, and Yahoo inboxes

By

Iranian state-sponsored hackers have discovered ways to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, according to a report from the Google Threat Analysis Group (TAG).

The government-backed group known as Charming Kitten originally developed a hacking tool called Hyperscape in 2020 and has used it to orchestrate the recent cyberattacks. TAG was able to get a hold of a version of this tool for analysis, TechRadar reported.

NurPhoto/Getty Images

Google explained that the attack works in a stealth fashion where there is no typical hacking ritual, such as tricking a user into downloading malware. Instead, hackers control the tool from their end, taking advantage of vulnerabilities, such as compromised account credentials or stolen session cookies, in order to access an account.

Recommended Videos

While this particular cyberattack may have been politically motivated, Google is clearly interested in how these vulnerabilities might be used by others in the future.

Please enable Javascript to view this content

A recent report from Sophos details how cookie stealing is among the latest trends in cybercrime. Hackers use the method to bypass security measures such as multifactor authentication and access private databases.

Related

In this case, once logged into the email account, hackers use the tool to trick the email service into thinking a browser is outdated, which then switches it to a basic HTML view. Then it changes the inbox language to English and opens emails individually to begin downloading them in a .eml format. The hackers then mark any opened emails as unread and delete any warning emails, set the inbox back to its original language, and exit.

Despite its seemingly smooth execution, Google has learned a lot about the cyberattacks and has notified all of the known accounts that were affected through its Government Backed Attacker Warnings. TAG has deciphered that the tool was written in .NET for Windows PCs and noted attacks might work differently in Yahoo and Outlook inboxes. At this time, the security group has only tested the tool in Gmail.

Editors’ Recommendations

Topics
Fionna Agomuoh
Fionna Agomuoh
Former Digital Trends Contributor
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
How to change your Gmail Inbox theme
Stock Photo Person Using Email

 

Personalization is everywhere in computing -- for example, take desktop wallpapers and fancy mouse cursors. You customize practically everything about your computing and online life, so why not take a shot at sprucing up your Gmail inbox, too?

Read more
Microsoft Teams online vs. desktop: Which is best?
Microsoft Teams chat.

Microsoft Teams is one of the most popular team collaboration and communication tools available -- we even use Microsoft Teams here at Digital Trends. You can use it in a few different ways, too, including the web service or local desktop application. But which should you use, the desktop app or the web app?

There are some advantages and disadvantages to using Teams either online or on the desktop. Let's take a look at them to help you decide which is best for you.

Read more
How to keep your Microsoft Teams status active
Man uses Microsoft Teams on a laptop in order to video chat.

Keeping your Microsoft Teams status as "Active" can be a stressful experience if your boss is constantly looking over your shoulder. It might not be the most common Teams problem, but it's one we've all experienced at some point. While you might be getting on with something productive, if the person in charge doesn't know that and doesn't take kindle to "Busy" statuses, you may want to try some tricks to keep your status active when using Microsoft Teams.

Fortunately there are a number of ways you can do that, from the honest and transparent, to the slightly sneaky. No judgement here. You do what you need to do. We're just here to teach you how to keep your Team status active.

Read more