Google announced today that via its “cloud-based security and abuse detection systems,” it uncovered a campaign to collect user passwords, likely through phishing. “This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists,” Eric Grosse, Engineering Director, Google Security Team, wrote in a statement posted earlier today.
“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.),” Grosse added.
Google said it has notified victims and secured their account, as well as notifying relevant government authorities.
Google stressed that it was able detect and disrupted the attackers efforts to take users’ passwords and monitor their emails and that its internal systems have not been affected. “These account hijackings were not the result of a security problem with Gmail itself. But we believe that being open about these security issues helps users better protect their information online,” Grosse said.
While the exact details are still likely unknown, the incident comes days after the Pentagon announcing that it will consider nation-sponsored cyber attacks to be an act of war against the U.S.
Google said it relied on user reports and an external report on a spear phishng method to uncover the tageted phishing campaign announced today.