Russian Hackers Exploit Gmail App-Specific Passwords to Bypass 2FA
The Russia-linked hacker group APT29 (also known as Cozy Bear) recently launched a targeted phishing campaign that bypasses Gmail’s two-factor authentication (2FA) by abusing Google’s app-specific password feature.
What’s Going On?
APT29, believed to work with Russia’s Foreign Intelligence Service (SVR), is now aiming at government staff, NGOs, and specific high-value individuals who use Gmail. Instead of breaking through firewalls or using malware, they chose a more clever path: tricking people and abusing Google’s built-in features.
How the Attack Works
- First, they send fake emails. These messages look official and ask users to sign in.
- Next, they steal login details. Once someone enters their information, the attackers act fast.
- Then, they create app passwords. With the stolen credentials, they go to the account settings and generate an app-specific password. This allows them to log in without needing a 2FA code.
This method gives them ongoing access, especially through apps that don’t support modern security layers.
Why You Should Care
These hackers aren’t breaking in by force—they’re walking through an open door. They understand how Gmail’s older features work and use that knowledge to bypass even strong protections.
Also, many users forget about app passwords or don’t know they exist, making this method more dangerous.
How You Can Protect Yourself
To stay safe, follow these steps:
- Turn off app passwords if you don’t need them.
- Use stronger 2FA options like security keys (e.g., YubiKey).
- Watch out for email login requests that seem suspicious.
- Check your account’s recent activity using Google’s Security Checkup tool.
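For Google Workspace administrators, the app-password review in the steps above can be done across many accounts at once. The script below is an added example, not part of the original article: it flags app passwords that are newly created, carry an unrecognized name, or are never used. It assumes records shaped like the Admin SDK Directory API Asp resource (userKey, codeId, name, creationTime, lastTimeUsed) with times in Unix seconds and 0 meaning never used; the sample data, function name and thresholds are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: asps.list results for three users merged into one list.
# All addresses, names and timestamps are made up for illustration.
SAMPLE_EXPORT = json.loads("""[
 {"userKey": "alice@example.org", "codeId": 1, "name": "Thunderbird",
  "creationTime": "1672567200", "lastTimeUsed": "1749800000"},
 {"userKey": "bob@example.org", "codeId": 2, "name": "mail sync",
  "creationTime": "1749900000", "lastTimeUsed": "1749950000"},
 {"userKey": "carol@example.org", "codeId": 3, "name": "Old scanner",
  "creationTime": "1600000000", "lastTimeUsed": "0"}
]""")


def _ts(value):
    """API times are strings; assumed here to be Unix seconds (UTC)."""
    return datetime.fromtimestamp(int(value), tz=timezone.utc)


def review_app_passwords(asps, now, approved_names=(), new_days=30, stale_days=180):
    """Return (user, codeId, name, reasons) for app passwords worth a look."""
    approved = {n.lower() for n in approved_names}
    findings = []
    for asp in asps:
        name = asp.get("name", "")
        last_used = int(asp.get("lastTimeUsed") or 0)  # assumption: 0 = never used
        reasons = []
        if now - _ts(asp["creationTime"]) <= timedelta(days=new_days):
            reasons.append("recently created")
        if name.lower() not in approved:
            reasons.append("name not on approved list")
        if last_used == 0:
            reasons.append("never used")
        elif now - _ts(last_used) > timedelta(days=stale_days):
            reasons.append("unused for a long time")
        if reasons:
            findings.append((asp["userKey"], asp["codeId"], name, reasons))
    return findings


if __name__ == "__main__":
    when = datetime(2025, 6, 20, tzinfo=timezone.utc)  # fixed "now" for the sample
    for user, code_id, name, why in review_app_passwords(
            SAMPLE_EXPORT, when, approved_names=("Thunderbird", "Old scanner")):
        print(f"{user}: app password {code_id} ({name!r}): {', '.join(why)}")
```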
Final Thought
Cyberattacks don’t always rely on advanced tools. Sometimes, attackers win by using simple features in unexpected ways. If you use Gmail or Google Workspace, now is the time to review your settings and tighten your security.