Google’s Gmail has several robust security measures in place to protect user data. A strong password and 2-Step Verification are the two basic features that users are encouraged to use to stay protected online. However, it was recently discovered that a powerful hacking group based in North Korea has devised a means of accessing user accounts and silently reading emails without needing login credentials.
Forbes has reported the discovery of malware called SHARPEXT, believed to have been developed by the North Korean threat group SharpTongue. According to the article, the discovery was made by cybersecurity firm Volexity, which explains that the malware works by 'directly inspecting and exfiltrating' data from Gmail accounts as users browse.
The malware can reportedly steal email from Gmail and AOL webmail accounts and is effective on Google and Microsoft browsers. According to the Forbes piece:
There is nothing to alert Google and the user that someone has logged into Gmail from a different browser, machine, or location. Bypassing this protection is crucial as it means the threat actors can remain truly persistent, reading all the received and sent emails as if they were the user themselves.
Are you a target?
Cybersecurity experts suspect the hackers behind these attacks are motivated by espionage and are probably targeting government officials, security agencies and journalists, among others.
However, the average user is not the target of the group and so should not worry too much about its activities. Ian Thornton-Trump is a former criminal intelligence analyst with the Royal Canadian Mounted Police.
Email attacks have broad impact and are perfect for lateral movement into third-party apps as well as access to sensitive information.