Russian hackers have successfully bypassed Gmail's multi-factor authentication by employing sophisticated social engineering tactics to obtain app-specific passwords from targeted academics and critics of Russia. The attackers impersonated U.S. Department of State officials, convincing victims to share their passwords under the pretense of accessing a secure communication platform. Security researchers have linked these activities to the state-sponsored group APT29, known for attacking high-profile targets since 2008.