Google has warned approximately 14,000 of its users that they were targeted by a state-sponsored phishing campaign from APT28 (a threat group linked to Russia). The campaign was discovered in late September and accounts for a larger batch of the government-backed attack notifications that Google sends to targeted users every month.
Shane Huntley, who is at the helm of the Google Threat Analysis Team (TAG), which responds to government-backed hacking attacks, noted that this month's higher-than-usual number of alerts came from a small number of broadly targeted campaigns that were blocked.
The campaign from APT28 (also known as Fancy Bear) has led to more warnings for Gmail users in various industries. In a statement issued by a Google spokesperson, Huntley said that Fancy Bear's phishing activities accounted for 86% of all batches of warnings delivered this month.
He explained that these notifications indicate that the recipient was targeted, not that their Gmail account was compromised. So why does Google send these government warnings? The warnings mainly tell people that they are a potential target for the next attack, so now may be a good time to take some security actions. For activists, journalists, government officials or people working in national security agencies, receiving these warnings is normal, because these are the people that government-supported entities target.
All phishing emails from the Fancy Bear campaign were blocked by Gmail and did not reach users' inboxes because they were automatically classified as spam. "As we explained before, we intentionally send these notifications in batches, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies," Huntley said.
APT28 has been acting on behalf of military unit 26165 of the 85th Main Secret Service Center (GTsSS) of the Main Intelligence Agency (GRU) of the Russian General Staff since at least 2004. This organization usually engages in data theft and espionage activities. Among its most recent targets are members of the German Bundestag and the Norwegian Parliament.
Google's purpose in issuing these alerts is to inform individuals that they are being targeted so that they can improve their defenses. The company recommends joining its Advanced Protection Program for work and personal email.