British Russia Expert Targeted in Sophisticated Email Hack Using AI-Driven Phishing

A prominent UK expert on Russian affairs was the victim of a complex cyberattack that exploited Google’s app-specific passwords (ASPs) to bypass multi-factor authentication (MFA), according to new reports from Google and Citizen Lab.

Keir Giles, a specialist in Russian disinformation, was tricked into sharing ASPs by attackers posing as U.S. State Department officials. The emails invited him to join a fictitious “secure platform,” backed by convincing documentation and spoofed government addresses. In reality, the ASP gave hackers full access to his email accounts.

Citizen Lab and Google’s Threat Intelligence Group say the campaign likely originated from UNC6923, a suspected Russian state-backed group. The operation displayed “unusual patience and polish,” with over ten carefully crafted email exchanges before Giles was duped into revealing his credentials.

This marks the first known use of ASPs in a phishing attack of this kind, the researchers say, and may herald a new wave of social engineering tactics as traditional phishing methods become less effective.

Google said the incident resulted from phishing, not a flaw in its system, but Giles was critical of the loophole. “It’s like installing locks on your front door but leaving the window open,” he said.

The attack was detected by Google nearly two weeks later, on 4 June. Researchers believe this new tactic could be reused against others, especially high-profile individuals. Giles, meanwhile, says he’s waiting to see how the stolen data is used — likely through smear campaigns by proxy organisations.