Risky Bulletin Risky Bulletin: Russian hackers abuse app-specific passwords to bypass MFA
Jun 20, 2025
Russian hackers are breaching security measures by misusing app-specific passwords to bypass multi-factor authentication. The identification of the tenth Salt Typhoon victim marks a significant escalation in cyber threats. A shocking $90 million was stolen from an Iranian crypto exchange by a group known as Predatory Sparrow. Meanwhile, Argentina takes action against a Russian disinformation gang, highlighting the global dimensions of cyber warfare and espionage. The landscape of cybersecurity continues to evolve amidst these alarming incidents.
AI Snips
Chapters
Transcript
Episode notes
Hackers Bypass MFA with App Passwords
- Russian hackers exploit app-specific passwords to bypass Gmail multi-factor authentication (MFA).
- These passwords let older apps without MFA support access accounts, which hackers trick victims into sharing.
Salt Typhoon Espionage Hits Big Firms
- The Chinese espionage group Salt Typhoon has hit at least ten victims, including major U.S. companies.
- Victims list includes Verizon, AT&T, Comcast, Digital Realty, and recently Viasat.