Ars Technica has reported that a recent phishing campaign targeting US government officials, activists, and journalists succeeded in bypassing the two-factor authentication protections offered by Gmail and Yahoo Mail. The 2FA technique bypassed was SMS-based one-time passwords (OTPs), which have been considered more or less secure because the OTP is sent to a mobile phone in the user's possession.
The report alleges that attackers working on behalf of the Iranian government collected detailed information on targeted individuals and then sent them spear-phishing emails containing a hidden image that alerted the attackers in real time when targets viewed the messages. This enabled the attackers to present fake login pages that collected the credentials users entered and replay them against the real login page in real time, compromising the targets' email accounts.
Ars Technica has also reported the involvement of the Iranian cyber-espionage groups Charming Kitten and Rocket Kitten in these attacks. This is of particular concern because email is also the vector used to spread the Shamoon malware.
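The hidden "read receipt" image described above is detectable before it fires: a mail gateway or client can scan the HTML body for remote images that are tiny or styled invisible and refuse to fetch them. The following is an added defender-side example, not code from the report or from Certfa Lab; the sample message and the tracker hostname are constructed placeholders.

```python
# Flag remote beacon images (tiny or hidden <img> tags with http/https src)
# in an HTML e-mail body. Added example; sample data below is constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

def _px(value):
    """Parse '1', '1px', '0' to an int; None if absent or unparseable."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None

class BeaconFinder(HTMLParser):
    """Collect <img> tags whose src is remote and that are tiny or hidden."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        if urlparse(src).scheme not in ("http", "https"):
            return  # inline/cid images do not phone home
        style = (a.get("style") or "").replace(" ", "").lower()
        w, h = _px(a.get("width")), _px(a.get("height"))
        tiny = (w is not None and w <= 1) or (h is not None and h <= 1)
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.findings.append({"src": src, "host": urlparse(src).hostname,
                                  "reason": "tiny" if tiny else "hidden"})

def find_beacons(html_body):
    """Return a list of {src, host, reason} dicts for suspected beacons."""
    p = BeaconFinder()
    p.feed(html_body)
    return p.findings

# Constructed sample: a lure with a visible inline logo and a 1x1 remote tracker.
SAMPLE = """<html><body>
<img src="cid:logo" width="120" height="40">
<p>Please confirm your account details at the link below.</p>
<img src="https://tracker.example.invalid/open?id=t4rg3t" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for f in find_beacons(SAMPLE):
        print(f"beacon ({f['reason']}): {f['host']} -> {f['src']}")
```

Blocking or rewriting the flagged `src` before rendering denies the attacker the open-notification that made the real-time credential relay practical.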
Release Date: 14th December 2018
Target: Gmail and Yahoo Mail as of current reports
Distribution Method: Email
Discovered by: Certfa Lab and Ars Technica (see attached file: 2FA Authentication Breach.pdf)