An anonymous reader writes:
Russian hacktivist group Fancy Bear (also referred to as APT28, Sofacy, and Strontium) has been using a flaw in Google's caching of Accelerated Mobile Pages (AMP) to phish targets, Salon reports. To make matters worse, Google has been aware of the bug for almost a year but has refused to fix it... The vulnerability involves how Google delivers google.com URLs for AMP pages to its search users in an effort to speed up mobile browsing. This makes Google products more vulnerable to phishing attacks.
Conservative blogger Matthew Sheffield writes in the article that most of the known targets "appear to have been journalists who were investigating allegations of corruption or other wrongdoing by people affiliated with the Russian government."
One such target was Aric Toler, a researcher and writer for the website Bellingcat who specializes in analyzing Russian media and the country's relationship with far-right groups within Europe and America... another journalist who writes frequently about Russia, David Satter, was taken in by a similar AMP phishing message... Shortly after Satter was tricked into visiting the fake website and entering his password, a program that was hosting the site logged into his Gmail account and downloaded its entire contents. Within three weeks, as the Canadian website Citizen Lab reported, the perpetrators of the hack began posting Satter's documents online, and even altering them to make opponents and critics of Russian President Vladimir Putin look bad.
Google told Salon they've "made a number of changes" to AMP -- without saying what they were. (After contacting Google for a comment, AMP's creator and tech lead blocked public comments on a Github bug report
about Google's AMP implementation.) "More things ... will come on Google's side in the future and we are working with browser vendors to eventually get the origin right," AMP's tech lead wrote last February.
Jason Kint, CEO of a major web publishing trade association, told Salon that "This report of an ongoing security issue is troubling and exactly why consolidation of power and closed standards are problematic. The sooner AMP migrates to the open web and becomes less tied to the interests of Google, in every way the better."