Google has uncovered a phishing campaign, originating in Jinan – China, targeting senior U.S. government officials, Chinese political activists, officials in several Asian countries (mainly from South Korea), military personnel and journalists.
It appears that the aim of the campaign was too steal passwords and then change the settings for the automatic forwarding of emails and grant others access to the accounts. With access granted or emails automatically forwarded the perpetrators are able to monitor the accounts, presumably for political gain.
Google has now disrupted the campaign and have notified victims while securing their accounts. In addition, Google has notified the relevant government authorities.
The phishing campaign first came to light when Mila Parkour, a network security specialist, blogged about targeted attacks against personal accounts of military, government employees and their associates. According to her blog “victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed. The message is crafted to appear like it has an attachment with links like View Download and a name of the supposed attachment. The link leads to a fake Gmail login page for harvesting credentials.”