The criminals behind the campaign have broken into hundreds of Gmail accounts belonging to "U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists," among others,
The company believes that the accounts were compromised "likely through phishing" by a cybercampaign run out of Jinan, China. That's the city whose Lanxiang Vocational School was to the December 2009 attacks on Google's back-end systems. The targets of the 2009 campaign were human rights activists, and activists were also hit by this recent phishing campaign, Google said.
The phishing campaign was first publicly disclosed by the blog Contagio Malware Dump, that government personnel and contractors were being hit with what are known as spear-phishing attacks. These attacks use specially crafted e-mail messages, written to appear like they come from someone known to the victim.
Victims were sent spoofed e-mail messages that looked like they came from friends or partner agencies, including targets in the U.S. Department of State, the Office of the Secretary of Defense, and Defense Intelligence, Contagio Malware Dump reported. "The message is crafted to appear like it has an attachment with links like View Download and a name of the supposed attachment. The link leads to a fake Gmail login page for harvesting credentials," Contagio Malware Dump said.
Once they had access to the Gmail accounts, the hackers then forwarded e-mail to their own addresses and harvested the data they found in order to launch future attacks.