Takeover of British Russia expert’s email accounts used novel phishing tactic therecord.media/keir-gile…

Email accounts belonging to a well-known British expert on Russia were targeted with a highly customized and novel social engineering attack that relied on the use of app-specific passwords (ASPs) to get around multi-factor authentication (MFA), new research shows.

Google detected the hack, which was likely executed by a Russian state-sponsored group, according to a report published Wednesday by the company’s Threat Intelligence Group (GTIG).

The Citizen Lab, a digital forensic research organization, released its own report Wednesday summarizing Google’s findings and providing more details on the attack and how such tactics are deployed broadly.
