The Google company announced that tens of thousands of Gmail accounts of Iranian users have been targeted hacked. The attacks seem to be organized by a group of state sponsored hackers few days before presidential elections.
The eleventh election for President of the Republic of Iran are held in June, 2013, with a first round on Friday, 14 June, with a possible runoff on June 21th.
Google this week warned of increased phishing activity, during the last days the company declared to have detected various suspicious activities, following a portion of the bulletin:
“For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.” declared Eric Grosse Vice President of Security Engineering.
The phishing attacks try to deceive users with emails which appear official, they highjack victims to websites that ask to the victims to reveal data including usernames, passwords, and credit card details.
Just one year ago Google announced a service to provide specific protection for a restrict number of users that could be target for a state-sponsored attack. Every user potentially at risk was advised with a message like the one proposed in the following picture:
Of course the message is just an alert and it must be clear that it doesn’t give the certainty that account has been hacked, it’s a communication to inform the user that its account could be victims of a phishing campaign, of an APT attack or of a malware. The purpose of the initiative is to mitigate or prevent potential damage caused by the attack.
That Google alert remarked
“It’s important to note that Google’s internal systems are not compromised and that this message does not refer to one specific campaign,” the page read. “We routinely receive abuse reports from users, as well as from our internal systems that monitor for suspicious login attempts and other activity.”
Google hasn’t identified the attackers that seem to be the same group behind a Gmail hacking campaign in 2011, in that occasion hackers used for MITM attacks fraudulent digital certificates.
The advisory provided also some suggestion to the Iranian users to protect their Gmail accounts activating 2FA process of authentication provided by the company and verifying the URL visited.
“if you are in Iran, we encourage you to take extra steps to protect your account,” continued Eric Grosse.
Iranian Government is considered one of the most intrusive, the regime applies a strict censorship and its surveillance apparatus is considered one of the most advanced. Early 2012 the government blocked VPN access meanwhile Google services were blocked in October.
Following a few suggestions I proposed in my previous post:
(Security Affairs – Iran, Gmail accounts)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.