ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool HYPERSCRAPE

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: HYPERSCRAPE

NamesHYPERSCRAPE
CategoryMalware
TypeExfiltration
Description(Google) HYPERSCRAPE requires the victim’s account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired. It spoofs the user agent to look like an outdated browser, which enables the basic HTML view in Gmail. Once logged in, the tool changes the account’s language settings to English and iterates through the contents of the mailbox, individually downloading messages as .eml files and marking them unread. After the program has finished downloading the inbox, it reverts the language back to its original settings and deletes any security emails from Google. Earlier versions contained the option to request data from Google Takeout, a feature which allows users to export their data to a downloadable archive file.
Information<https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/>

Last change to this tool card: 12 September 2022

Download this tool card in JSON format

All groups using tool HYPERSCRAPE

ChangedNameCountryObserved

APT groups

XMagic Hound, APT 35, Cobalt Illusion, Charming KittenIran2012-Sep 2022 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]