{"id":7744,"date":"2025-06-18T12:00:00","date_gmt":"2025-06-18T17:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84936"},"modified":"2025-06-18T12:00:00","modified_gmt":"2025-06-18T17:00:00","slug":"unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/06\/18\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers\/","title":{"rendered":"Unusually patient suspected Russian hackers pose as State Department in \u2018sophisticated\u2019 attacks on researchers"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Unusually patient suspected Russian hackers pose as State Department in \u2018sophisticated\u2019 attacks on researchers | CyberScoop<\/title> <meta name=\"description\" content=\"A report out Wednesday from the University of Toronto\u2019s Citizen Lab calls out a \u201cnovel method\u201d Russian hackers used to bypass one of the most well-regarded cyber defense tools, multi-factor authentication (MFA).\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/russian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Unusually patient suspected Russian hackers pose as State Department in \u2018sophisticated\u2019 attacks on researchers\"> <meta property=\"og:description\" content=\"A report out Wednesday from the University of Toronto\u2019s Citizen Lab calls out a 
\u201cnovel method\u201d Russian hackers used to bypass one of the most well-regarded cyber defense tools, multi-factor authentication (MFA).\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/russian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-06-18T17:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1283\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. 
--> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1750115417g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1748220166g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84936\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84936\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84936 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/russian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> 
<\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.902173913043\">\n<div class=\"single-article__header-content\" readability=\"36.622601279318\">\n<p> They weren\u2019t in any hurry, according to Citizen Lab, and used an interesting attack vector. Google Threat Intelligence Group also provided details on the attacks. <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84936\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
<\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"428\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers.jpg?resize=640%2C428&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=768,513 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=1024,684 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=1536,1026 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=600,401 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=251,168 251w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=504,337 504w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=1010,675 1010w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-2.jpg?resize=1262,843 1262w\" sizes=\"(max-width: 1010px) 100vw, 1010px\"><figcaption> Russian President Vladimir Putin delivers a speech standing in front of the monument &#8220;Fatherland, Valor, Honor&#8221; outside of the Foreign Intelligence Service of the Russian Federation (SVR) in Moscow on June 30, 2022. (Photo by Mikhail Metzel \/ Sputnik \/ AFP) (Photo by MIKHAIL METZEL\/Sputnik\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"83.324084051724\"><body readability=\"170.39965645577\"><\/p>\n<p>The hackers targeting prominent researcher and Russian military expert Keir Giles were different this time.&nbsp;<\/p>\n<p>The attackers, suspected to be working on behalf of the Russian government, had ginned up the May solicitation email for a consultation with a state.gov address, one that didn\u2019t get a bounceback message when Giles replied. They spoke convincing English, and delivered their message during East Coast business hours. He said they created a realistic domain name to direct him to, rather than using a random string of text. 
They weren\u2019t in a hurry, pressuring him to respond the way hackers usually do.<\/p>\n<p>\u201cUnlike any of the previous times when they\u2019ve had a go at me, I haven\u2019t actually seen anywhere they\u2019ve put a foot wrong and done something which is implausible,\u201d Giles, who is also a senior consulting fellow for the Russia and Eurasia program at the British think tank Chatham House, told CyberScoop. \u201cIt was totally straight up and very well-constructed from beginning to end.\u201d<\/p>\n<p>A <a href=\"https:\/\/citizenlab.ca\/2025\/06\/russian-government-linked-social-engineering-targets-app-specific-passwords\/\">report out Wednesday<\/a> from the University of Toronto\u2019s Citizen Lab that calls the targeting of Giles a \u201chighly sophisticated attack\u201d also details a \u201cnovel method\u201d the hackers used to bypass one of the most well-regarded cyber defense tools, multi-factor authentication (MFA).<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>As Citizen Lab is publishing its forensic analysis of what happened with Giles, Google\u2019s Threat Intelligence Group is also releasing <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/creative-phishing-academics-critics-of-russia\">a related blog post<\/a> on who is behind the compromise of Giles\u2019 accounts, and how he\u2019s not the only one they\u2019ve targeted with that specific technical attack method.<\/p>\n<p>Giles warned over the weekend in <a href=\"https:\/\/www.linkedin.com\/posts\/keir-giles-499a489_hack-alert-several-of-my-email-accounts-activity-7339380839400546305-A6EK\/?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAABVut9oBUCG1b2AlrX2f6UlpfOMGSOHMMQg\">a LinkedIn post<\/a> about the State Department impersonators who had compromised his account, promising \u201cmore on the how, what and when later.\u201d&nbsp;<\/p>\n<p>The 
\u201chow\u201d involved the credible social engineering aspects that he and Citizen Lab have revealed. On the technical side, the final step was convincing Giles to create and share a screenshot of an app-specific password (ASP), a tool that can be used to give third parties that don\u2019t support multi-factor authentication access to users\u2019 accounts. ASPs are meant to be a convenience and security aid when using third parties without MFA, but in this case the hackers leveraged them to compromise Giles\u2019 Google accounts.<\/p>\n<p>Google picked up on what was happening, then sent Giles a security alert and locked his accounts.<\/p>\n<p>\u201cThe days of just tricking someone to hand over a password are over,\u201d John Scott-Railton, senior researcher at Citizen Lab, told CyberScoop. \u201cCompanies are getting smarter about detecting hacking, and have given users a lot of new security features, like multi-factor authentication. Users have also gotten wiser to what classic phishing looks like.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cSo the more sophisticated hacking groups are constantly innovating and trying to spot new technical and psychological tricks to get access to accounts,\u201d he continued. \u201cThis means that they are also probing other ways of gaining access, <a href=\"https:\/\/www.volexity.com\/blog\/2025\/02\/13\/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication\/\">like tokens<\/a> and app-specific passwords.\u201d<\/p>\n<p>The Google Threat Intelligence Group (GTIG) assessment is that the hackers in this case, which they\u2019ve dubbed UNC6293, are potentially connected to a unit tied to Russia\u2019s Foreign Intelligence Service, known by names such as APT29, Cozy Bear or ICECAP. 
The attacks on Giles aren\u2019t the only slow-roll, ASP-based ones GTIG researchers have seen on academics and Russia critics from April through earlier this month, although they couldn\u2019t give precise numbers.<\/p>\n<p>It\u2019s not, though, \u201cwidespread\u201d by any means, said Wesley Shields, a security engineer with GTIG. Because the process is so time-consuming, it would be difficult to repeat on a larger scale, said Shields and Gabriella Roncone, Russia and Eastern European tech lead at GTIG.<\/p>\n<p>\u201cNormally we see APT29 or ICECAP targeting larger diplomatic organizations, NGOs \u2014 really going after corporate entities or large organizations,\u201d Roncone said. \u201cWhereas in this case, we\u2019re seeing only individuals being targeted, and not only that, but individuals being targeted in a very specific and patient way.\u201d<\/p>\n<p>That patience was a standout feature to Scott-Railton as well.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWhat impresses me about this attack is how patient the attackers were, slowly unfolding their deception over a period of weeks. It\u2019s as if they knew everything we\u2019d been taught to expect from Russian hackers, and then did the opposite,\u201d Scott-Railton said.<\/p>\n<p>The deception required a lot of effort and knowledge. For instance, the attackers were likely aware that the State Department\u2019s email server is set up to accept all messages, and that it doesn\u2019t send a bounceback message for non-existent addresses, according to the Citizen Lab report. The email\u2019s authentic-sounding English might have been improved with the use of a large language model.<\/p>\n<p>\u201cThere was not something about it, which, as so often happens, it gets your Spidey sense going, because something is off,\u201d Giles said. 
\u201cThat was completely absent.\u201d<\/p>\n<p>Giles presumes a leak of any information the hackers obtained, with a mix of phony and altered data, is forthcoming. He quipped that if their goal was espionage, \u201cthey would have very quickly got very disappointed.\u201d He was still hearing from the attackers even after he posted about it on social media, with the account he\u2019d interacted with \u201ccomplaining of technical difficulties and saying, \u2018Bear with us a bit longer.\u2019\u201d&nbsp;<\/p>\n<p>Giles said he was frustrated that he didn\u2019t get an alert from Google about the risks of ASPs, and believed that since Google Workspace was a paid-for service, he would\u2019ve gotten an explanation or more support from the company as opposed to shutting the account and saying it had been closed for security violations.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Google\u2019s blog post said it does send such alerts about ASPs. 
It also encouraged users who could be at great risk of being hacked to sign up for its Advanced Protection Program, which forbids the use of ASPs.<\/p>\n<p>Scott-Railton praised Giles, potentially the \u201cpatient zero\u201d for this kind of attack, for speaking up about it.<\/p>\n<p>Giles said he was \u201cfairly relaxed\u201d about being victimized.<\/p>\n<p>\u201cNobody\u2019s invulnerable, and they had been trying so very hard for so very long that it was bound to get through eventually,\u201d he said.<\/p>\n<p>During a round of cyberattacks last year, Giles said, \u201cOne of the really frustrating things was the people who had been infected and whose accounts were being leveraged to target me then, who were absolutely unwilling to talk about it because they were too embarrassed\u2026 they really limited what you could do with some of this stuff.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cSo I\u2019m not inclined to cover up the way in which they succeeded in outwitting me,\u201d he said. \u201cI guess if they\u2019re spending this much effort on me, there are other more important targets that are getting less attention as a result. 
So that\u2019s not such a bad thing.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/unusually-patient-suspected-russian-hackers-pose-as-state-department-in-sophisticated-attacks-on-researchers-1.jpg?w=640&#038;ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he&#8217;s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. 
<\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/russian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unusually patient suspected Russian hackers 
pose as State Department in<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4449,4450,1808,2045,387,3729,4451,1396,268,270,310,288],"tags":[4452,4453,1811,2050,391,3731,4454,1397,274,276,311,294],"class_list":["post-7744","post","type-post","status-publish","format-standard","hentry","category-academia","category-application-specific-passwords","category-apt29","category-citizen-lab","category-google","category-google-threat-intelligence-group","category-keir-giles","category-multi-factor-authentication-mfa","category-privacy","category-russia","category-technology","category-threats","tag-academia","tag-application-specific-passwords","tag-apt29","tag-citizen-lab","tag-google","tag-google-threat-intelligence-group","tag-keir-giles","tag-multi-factor-authentication-mfa","tag-privacy","tag-russia","tag-technology","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/academia\/\" rel=\"category tag\">academia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/application-specific-passwords\/\" rel=\"category tag\">application specific passwords<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt29\/\" rel=\"category tag\">APT29<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/citizen-lab\/\" rel=\"category tag\">Citizen Lab<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/keir-giles\/\" rel=\"category tag\">Keir Giles<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/multi-factor-authentication-mfa\/\" rel=\"category tag\">multi-factor authentication (MFA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/privacy\/\" rel=\"category tag\">Privacy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7744"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7744\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":
true}]}}