Suspected Russian Hackers Use Sophisticated New Tactic to Target UK Researcher
Suspected Russian hackers deployed a novel and highly convincing tactic to trick British researcher Keir Giles into compromising his own accounts, according to Giles and cybersecurity experts.
Last month, the hackers impersonated a U.S. State Department official named “Claudie Weber” who contacted Giles via email to arrange a meeting requiring use of a secure government app. Although the email came from a Gmail address, the communication was fluent, idiomatic, and included apparent State Department colleagues copied on the exchange. Giles, a seasoned expert on Russia and espionage, was usually wary but was eventually deceived by the professionalism and persistence over nearly two weeks.
Giles provided an app-specific password—a credential that grants third-party app access but can bypass regular password protections—thus exposing his account.
Alphabet’s Google attributed the attack to the Russian government, citing similarities to prior campaigns. The Russian Foreign Ministry did not respond to inquiries. Giles described the operation as seamless, with no obvious red flags even in hindsight.
Cybersecurity researchers from Citizen Lab noted the attack’s fluency might indicate the use of advanced AI, such as large language models, to craft convincing messages—marking a significant upgrade from typical error-ridden phishing attempts. They also pointed out that the hackers exploited the lack of error messages when sending emails to fake State Department addresses.
This sophisticated social engineering attack highlights evolving cyber threats where even cautious experts can be deceived by carefully orchestrated campaigns.
The U.S. State Department did not immediately comment on the incident.