Russian Cyberattackers Outsmart MFA: The ASP Trap Unveiled
Russian hackers are at it again, proving that not even your App-Specific Passwords are safe from their digital trickery. UNC6293, linked to the notorious Cozy Bear, has devised a cunning way to make ASPs their playground, bypassing Multi-Factor Authentication like it’s yesterday’s news. Time to double-check your passwords, folks!
Hot Take:
Just when you thought your passwords were safe, in comes a cyberattack that’s sneakier than a cat burglar at a dog show. Russian-linked hackers have upgraded from old-school phishing to a new sophisticated con, using App-Specific Passwords as their backstage pass to your digital life. Looks like MFA is about to have its own MFA (More Fictitious Attacks) to worry about!
Key Points:
- A new cyberattack utilizes App-Specific Passwords (ASPs) to bypass Multi-Factor Authentication (MFA).
- The attack was unveiled by Citizen Lab and Google’s Threat Intelligence Group after targeting Keir Giles.
- The attack involved convincing phishing emails from a fake US State Department official.
- The hackers are linked to UNC6293, suspected to be connected to Russian cyber espionage group APT29 (Cozy Bear).
- Google is working to phase out ASPs for business users while balancing security for personal accounts.
Already a member? Log in here