Skip to main content
    Corporate Gmail Accounts Being Targeted With New Stealth Attack Method
    Cybersecurity
    2 min read

    Corporate Gmail Accounts Being Targeted With New Stealth Attack Method

    A hacking group has a new toolkit for breaking into corporate Gmail accounts and reading emails, calendar data, and other information while staying hidden.

    Source

    DataBreaches.net

    Original headline: Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Tuesday, June 30, 2026Updated Wednesday, July 1, 20262 min read
    Share:

    Kaspersky Lab security researchers discovered a new attack method being used by a hacking group called ToddyCat. This toolkit allows attackers to compromise corporate Gmail accounts and access user information through Google's API (the system that lets programs interact with Google services). Once inside, attackers can read email conversations, harvest calendar information, and access data from other Google services while remaining undetected for long periods. This threat primarily targets businesses and organizations using corporate Gmail accounts (Google Workspace). Personal Gmail accounts used by families for everyday email are not the focus of this specific attack toolkit. However, if a family member uses a work Gmail account provided by their employer, that work account could be vulnerable if their company uses Google Workspace.

    For families using personal Gmail accounts, continue following standard security practices.

    1. Enable two-factor authentication on your Gmail account if you have not already. Go to your Google Account settings, select Security, and turn on 2-Step Verification.
    2. Review your account's security checkup at myaccount.google.com/security-checkup.
    3. Check which apps and services have access to your Google account and remove any you do not recognize or use. If you use a corporate Gmail account for work, alert your company's IT security team about this new threat so they can assess whether additional protections are needed. Protecting email accounts requires ongoing attention because email contains so much personal and sensitive information. Use strong, unique passwords for every account. Enable two-factor authentication wherever available. Regularly review which apps have access to your accounts and remove old or unused permissions. These habits create multiple layers of protection that make it much harder for attackers to succeed.

    Protect Yourself

    Use our GCR Data Shield to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: DataBreaches.net

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.