Same Sea, New Phish, Russian Government-Linked Social Engineering Targets App-Specific Passwords

Summary
Keir Giles, a prominent expert on Russian information operations, was targeted with a sophisticated and personalized novel social engineering attack.
The attacker took extensive measures to avoid raising Mr. Giles’ suspicions and deceived him into creating and sending them App-Specific Passwords for his accounts, bypassing Multi-Factor Authentication (MFA).
Google later spotted and blocked the attacker. Their Google Threat Intelligence Group (GTIG) labels the operator Russian state-backed UNC6293, which they link with low confidence to APT29, which is attributed to Russia’s Foreign Intelligence Service (SVR).
We expect more social engineering attacks leveraging App-Specific Passwords in the future.

To read the complete article see:
Citizen Lab

📅 Date Published: June 18, 2025
📰 Source: Citizen Lab
🛑 Tags: Russian, Social Engineering, App-Specific Passwords
🌐 Category: APT