Gmail Hacked Google Says A New Attack Can Read All Email Messages

According to a recently released study by Google’s Threat Analysis Group (TAG), an espionage threat group it claims is funded by the Iranian government has a new tool that has been used to successfully hack a select number of Gmail user accounts.

Charming Kitten is the name of the band, however, this feline clearly isn’t cute and has some nasty claws. As Ajax Bash of TAG notes in his study, “used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts,” HYPERSCRAPE is indeed the culprit.

Bash verifies that a limited number of Gmail accounts have been hijacked by the state-sponsored gang responsible for the HYPERSCRAPE hack. “We have seen it deployed against fewer than two dozen accounts located in Iran,” Bash said, adding that Google had notified the affected users and “taken actions to re-secure these accounts.”

What Exactly Is HYPERSCRAPE?

Researchers from Google’s Threat Analysis Group (TAG) discovered the HYPERSCRAPE tool in December 2021, although subsequent analysis suggests the earliest attack dates back to 2020.

Gmail Hacked
Gmail Hacked

It pretends to be an antiquated web browser by using spoofing techniques. In this way, the program is able to “see” Gmail inboxes in a simplified HTML format. Each email is downloaded one at a time using HYPERSCRAPE as it sequentially steps through the contents of the hijacked Gmail inbox and other mailboxes.

After this is done, the emails are marked as unread and any security alerts from Google are removed.

And according to Bash, the Google Takeout feature was exploited by some versions of the hacking tool to make a complete backup of user accounts available for download. There is no indication of if or why this function was disabled.


HYPERSCRAPE poses an extremely serious risk to Charming Kitten’s prey. Although the targets will be picked with great care, just a small number of users have been hacked thus far, as Bash has stated. They were all Iranian users.

Moreover, the attackers need the victim’s login credentials in order to carry out HYPERSCRAPE. Again, this lessens the possibility that regular users will be impacted. If a hacker obtains your login information, they will have almost total control over the situation.

When using HYPERSCRAPE, hackers don’t want victims to know that their Gmail accounts have been hacked into. Charming Kitten is an advanced persistent threat group that resets mailboxes to their original state and deletes any security warnings from Google in an effort to conceal its tracks and allow it to repeat the email hacking attack at will.

To “raise awareness on rogue actors like Charming Kitten within the security community,” as well as for the high-risk individuals and organizations that could be targeted by the threat group, Bash said the news of this discovery was being made public.

Protecting Google Mail from HYPERSCRAPE and Other Attacks

If this describes you, Google recommends signing up for the APP and using Enhanced Safe Browsing for Google Accounts. Even if your likelihood of being targeted by HYPERSCRAPE is low, you should not relax your vigilance when it comes to protecting your data.

However, even if you don’t face threats on that scale, having a Google account with a weak password and no two-factor verification puts you in the crosshairs of regular cybercriminals. If a hacker manages to take over your Gmail account, they will effectively control your entire digital life.

A more fundamental security posture can prevent a lot of security problems, including password reset links sent to your email, details of your bank accounts, and personal data.

The Expert’s View On Threat Intelligence

Chief Information Security Officer at Cyjax, Ian Thornton-Trump, says: “One minute we may feel safe, and the next we may feel utterly unsafe, but that’s life in the modern world. To reiterate, I believe that threat models should be the basis for both response and investment.

On-premises deployments can be more secure in some cases, but they typically come at the expense of flexibility. I believe that what we are discovering is that no single approach to cyber security is enough for every organization. Value is added by the availability and responsiveness of vendors.

This is the world we have to deal with. What fascinates me is not so much how we deploy technology with a mindset of “least amount of harm” as it is that “vulnerability or the exploit” is no longer the central focus.”