logo

Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts

ID: d6d6ff13-f36d-53cd-94c4-201a6b33b629

STIX ID: report--d6d6ff13-f36d-53cd-94c4-201a6b33b629

Feed Name: DataBreaches.Net

Threat Score
75/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: Dissent

...
...

Kaspersky Lab has discovered Umbrij, a Windows-targeting toolkit used by the ToddyCat APT to compromise corporate Gmail accounts by connecting to Chromium browsers via the remote debug port and leveraging saved sessions to request OAuth tokens (Shadow Token via Remote Debug). The tool can gain full access to email, cloud storage, contacts and calendars without credentials, allowing prolonged, automated data harvesting; Kaspersky recommends monitoring unusual debug-port usage, auditing third-party Google app access, and disabling developer tools for non-developers.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.