Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

[A Guy]

More of a Social Engineering Attack seems like

Russian hackers have bypassed Google’s multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG).

The hackers pulled this off by posing as US Department of State officials in advanced social engineering attacks, building a rapport with the target and then persuading them into creating app-specific passwords (app passwords).

Gmail's multi-factor authentication bypassed by hackers to pull off targeted attacks

A Guy

 

[xrobwx71]

Agreed on the social engineering aspect. They tricked another party into doing some thing. Not a true 2FA "hack".

Either way, they did bypass it.

I came across this in my studies for the CompTIA Security+ exam.

 

[A Guy]

Trying not to be political...but I always hoped our senior security/defense people were the best and the brightest...it's concerning that they don't appear to be now

A Guy