Here’s the official statement from Google:
Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
Google says that the hacker (or hackers), sent emails to the affected individuals, making themselves look like co-workers. They were monitoring the accounts and altering settings to enable forwarding and guest access to the accounts. How much Google knows about where the attacks originated is uncertain. But given the involvement of government and military employees, and the White House administration’s strong position against cybercrimes, it makes the breach all the more intriguing.
Security blog Contagio also has a great analysis of the entire attack, including the above image, which shows how closely the Gmail login screen was mimicked in this phishing scheme. [Google via WaPo and Forbes]