A sophisticated Russian state-sponsored cyber operation has successfully exploited Google’s App-Specific Password (ASP) feature to bypass multi-factor authentication protections, targeting prominent critics of Russia in a campaign that demonstrates the evolving threat landscape facing high-profile individuals.