“ways that attackers phish accounts. the introduction of more secure forms of mfa, such as hardware security keys, has also closed off certain avenues of social engineering. these pressures, among others, are driving attackers towards more complex social - engineering tactics, and…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.001Spearphishing Attachment
69%
“c. working hours, adding an additional element of credibility. setting the stage the message content, timing, and inclusion of official. gov email addresses in the cc field combined to create the appearance of a safe and credible approach. mr. giles described these techniques to …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
65%
“same sea, new phish : russian government - linked social engineering targets app - specific passwords key findings keir giles, a prominent expert on russian information operations, was targeted with a sophisticated and personalized novel social engineering attack. the attacker to…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1556.006Multi-Factor Authentication
58%
“ways that attackers phish accounts. the introduction of more secure forms of mfa, such as hardware security keys, has also closed off certain avenues of social engineering. these pressures, among others, are driving attackers towards more complex social - engineering tactics, and…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1556.006Multi-Factor Authentication
51%
“. g. signal or whatsapp ), and later move to another channel, such as email. these attacks split attack elements between different ecosystems, making it more challenging for platforms and defenders to put the pieces together. volexity recently reported on several such efforts, an…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
“##29 / icecap ( historically known as “ cozy bear ” ). beyond the attack on mr. giles, gtig has identified a second campaign by unc6293 leveraging the same tactics, including ukrainian themes. we note that gtig ’ s blog post contains additional indicators associated with a reside…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1556.006Multi-Factor Authentication
46%
“##29 / icecap ( historically known as “ cozy bear ” ). beyond the attack on mr. giles, gtig has identified a second campaign by unc6293 leveraging the same tactics, including ukrainian themes. we note that gtig ’ s blog post contains additional indicators associated with a reside…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1111Multi-Factor Authentication Interception
45%
“ways that attackers phish accounts. the introduction of more secure forms of mfa, such as hardware security keys, has also closed off certain avenues of social engineering. these pressures, among others, are driving attackers towards more complex social - engineering tactics, and…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
44%
“been phasing out support in google workspaces ; however google still allows users to create and remove these passwords on their personal gmail accounts. enter the app - specific password attack keir giles is a well - known and outspoken academic expert on countering russian infor…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
33%
“litigation, advocacy, and other high - profile topics. for these individuals, who are at greater risk because of who they are or what they do, we recommend enrolling in google ’ s advanced protection program. we think this program would help block similar attacks to what we descr…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1003.001LSASS Memory
32%
“) before moving forward. security teams : watch out for asps for organizations, we recommend ensuring that you are aware of the services where users may enable asps, and ensure that they are disabled unless needed for specific users or use cases. adding education about asps to us…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
In May 2025, Keir Giles, a well-known expert on Russian military operations, was targeted with a highly sophisticated and personalized phishing attack. Using a method not previously observed by the Citizen Lab, the attacker posed as a U.S. State Department employee to convince Mr. Giles to create and send app-specific passwords for his email accounts, bypassing multi-factor authentication. Google spotted and blocked the attack, attributing it to a Russian state-backed operator.