
APT29-Linked Hackers Behind US State Department Spoofing Intrusions

UNC6293 lured a researcher into providing a screenshot of an app-specific password that could be used in the absence of multi-factor authentication support.

Sophisticated account takeover intrusions impersonating the U.S. State Department and aimed at the British researcher Keir Giles have been perpetrated by a suspected Russian state-backed threat operation.

Giles, a researcher on Russia, was targeted by UNC6293, which is believed to be associated with APT29, also known as Cozy Bear or ICECAP, CyberScoop reports.

UNC6293 was able to compromise Giles' accounts over a weeks-long process after luring him into providing a screenshot of an app-specific password that could be used in the absence of multi-factor authentication support, according to findings from the University of Toronto's Citizen Lab.

Other academics and Russia critics were also reported by the Google Threat Intelligence Group to have been targeted by the attacks since April. "Normally we see APT29 or ICECAP targeting larger diplomatic organisations, NGOs — really going after corporate entities or large organisations. Whereas in this case, we're seeing only individuals being targeted, and not only that, but individuals being targeted in a very specific and patient way," said GTIG security researcher Wesley Shields.


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
