
Sophisticated threat actors reportedly originating from Russia have devised a cunning new technique to compromise sensitive Gmail accounts. This method allows them to effectively bypass Multi-Factor Authentication (MFA), a security measure widely considered essential for protecting online accounts.
The attackers are not defeating the MFA prompts themselves. Instead, they are exploiting a lesser-known weakness by using stolen application passwords. Users can generate these app-specific passwords for older applications that don't support modern sign-in methods; such a password grants the app access to the account without triggering the MFA challenge that a normal web or main-client login would require.
Reports indicate these specialized passwords are being acquired through various illicit means, including targeted phishing attacks or leveraging data from previous breaches. Once obtained, an attacker can use this app password to gain full, unfettered access to a user’s Gmail account, including emails, contacts, and potentially connected services, completely sidestepping the extra verification step the user expects from MFA.
This tactic represents a significant concern for cybersecurity, demonstrating that attackers are constantly finding ways around standard defenses. It highlights the critical need for organizations and individuals alike to review their account settings, specifically auditing and revoking any unnecessary or old application passwords that could serve as a backdoor, even when robust MFA is otherwise enabled. Strengthening defenses against credential theft and maintaining vigilance against phishing remain paramount.
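The article's advice is to audit app passwords and watch for logins that use them. The script below is an added example, not code from the article or from Google: it runs two defender-side checks over a constructed app-password inventory and a constructed set of sign-in events (the field names `auth`, `app_password_id`, `ip`, etc. are invented for illustration and are not Google's audit-log schema). The first check lists app passwords with no sign-in in the last 90 days as revocation candidates; the second flags any app-password sign-in from an IP address that has never completed an MFA-verified login for the same user, since an app-password login itself never sees an MFA challenge.

```python
"""Audit app passwords and app-password sign-ins for MFA-bypass risk.

Added example; the inventory and event formats are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed "now" so results are deterministic
STALE_DAYS = 90

# Constructed app-password inventory (hypothetical fields, not a real Google export).
APP_PASSWORDS = [
    {"id": "ap-1", "user": "alice@example.com", "label": "Old mail client", "created": "2023-01-10"},
    {"id": "ap-2", "user": "alice@example.com", "label": "Calendar sync", "created": "2025-03-15"},
    {"id": "ap-3", "user": "bob@example.com", "label": "Backup tool", "created": "2022-06-01"},
]

# Constructed sign-in events. "auth" is "web_mfa" for an interactive login that passed
# the MFA challenge, or "app_password" for a legacy-app login that never sees MFA.
SIGNIN_EVENTS = [
    {"ts": "2025-05-30T09:12:00Z", "user": "alice@example.com", "auth": "web_mfa",
     "ip": "203.0.113.10", "app_password_id": None},
    {"ts": "2025-05-30T09:15:00Z", "user": "alice@example.com", "auth": "app_password",
     "ip": "203.0.113.10", "app_password_id": "ap-2"},
    {"ts": "2025-05-31T22:41:00Z", "user": "alice@example.com", "auth": "app_password",
     "ip": "198.51.100.7", "app_password_id": "ap-1"},
]


def _parse_ts(s):
    # Accept the trailing "Z" form; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def unused_app_passwords(inventory, events, now=NOW, stale_days=STALE_DAYS):
    """Return ids of app passwords with no sign-in in the last stale_days (revoke candidates)."""
    cutoff = now - timedelta(days=stale_days)
    recently_used = {
        e["app_password_id"]
        for e in events
        if e["auth"] == "app_password" and _parse_ts(e["ts"]) >= cutoff
    }
    return sorted(ap["id"] for ap in inventory if ap["id"] not in recently_used)


def suspicious_app_password_logins(events):
    """Flag app-password sign-ins from an IP the user has never authenticated from with MFA.

    Because the app-password path skips the MFA challenge, the only corroboration
    available is whether the same source IP previously completed a full MFA login.
    """
    mfa_ips = {}
    for e in events:
        if e["auth"] == "web_mfa":
            mfa_ips.setdefault(e["user"], set()).add(e["ip"])
    return [
        e for e in events
        if e["auth"] == "app_password" and e["ip"] not in mfa_ips.get(e["user"], set())
    ]


def audit(inventory=APP_PASSWORDS, events=SIGNIN_EVENTS, now=NOW):
    """Combine both checks into one report keyed by action."""
    return {
        "revoke_unused": unused_app_passwords(inventory, events, now),
        "investigate_logins": [e["app_password_id"] for e in suspicious_app_password_logins(events)],
    }


if __name__ == "__main__":
    for action, ids in audit().items():
        print(f"{action}: {ids}")
```

On the constructed data the audit recommends revoking `ap-3` (never used) and investigating the `ap-1` sign-in from 198.51.100.7, an address that has no MFA-verified history for that user. In a real deployment the inventory and events would come from the identity provider's admin reporting, and the IP check would usually be widened to ASN or geolocation to avoid false positives from ordinary address churn.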
Source: https://www.bleepingcomputer.com/news/security/russian-hackers-bypass-gmail-mfa-using-stolen-app-passwords/