Corporate Gmail Accounts Being Targeted by New Attack Toolkit
A hacking group has a new toolkit for breaking into business Gmail accounts. If you use Gmail for work, take extra security steps.
Source
DataBreaches.net
Original headline: Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts
Plain-English summary by GetCyberRight. Read the full report at the source above.
Kaspersky Lab experts discovered a new attack toolkit used by a hacking group called ToddyCat. This toolkit is designed to compromise corporate Gmail accounts. Once attackers gain access through an API, they can read email conversations, harvest data from calendars, and access other Google services. The attackers can remain undetected for long periods of time while collecting information. This affects people who use Gmail through their workplace, particularly if your company uses Google Workspace for business.
If you have a work email address that ends in your company name but runs on Gmail, this applies to you. Personal Gmail accounts used for home and family purposes are not the focus of this particular attack toolkit.
If you use Gmail for work, strengthen your account security immediately.
- Enable two-factor authentication on your work Google account if you have not already done so. Ask your IT department for help if needed.
- Review the devices and applications that have access to your work Gmail. Go to your Google account security settings and remove any unfamiliar apps or devices.
- Watch for unusual activity like emails marked as read that you never opened, or calendar events you did not create.
- Report any suspicious activity to your IT or security team right away.
For long-term protection, make two-factor authentication standard on all your important accounts, both work and personal. Regularly review which apps and services have permission to access your email and other accounts. Remove access for anything you no longer use or do not recognize. If your employer offers security training, take it seriously. These business-focused attacks remind us that workplace security practices matter just as much as protecting our personal accounts at home.