Russian Hackers Bypass Gmail MFA Using Stolen App Passwords

Russian hackers are bypassing Gmail's multi-factor authentication (MFA) and accessing accounts using stolen application-specific passwords. These advanced social engineering attacks are carried out by impersonating officials from the U.S. Department of State. The hackers exploit the application-specific passwords to access Gmail accounts, even when MFA is enabled. The technical details of the attack are not specified, but the impact is significant as it allows attackers to compromise Gmail accounts secured by MFA.