The Google and China war goes a long way. Started over the censorship issues, soon Google decided to stop censoring searches after the Chinese hackers breached Google headquarters in Beijing. The traffic then was forwarded to Google Hong Kong which was soon blocked by government of China. Over the past week, Chinese IPSs or Hackers (unclear yet) are executing phishing attacks on Gmail. When the users from China try to open Gmail.com they are forwarded to http://18.104.22.168/web/gmail/ which is a fake gmail login page where they are asked to fill their login credentials again. This leads to a classical phishing attack where the owner of the fake login page gets hold of the credentials.
It is yet unclear if the attack is by hackers who have hijacked Gmail China or by the ISPs of China who are redirecting the traffic to a different page.
It’s an ISP DNS hijack.
Leave a comment