About 14,000 Google users have been warned that they were targeted in a state-sponsored phishing attempt by APT28, a threat group linked to Russia.
The campaign was discovered in late September. It accounts for a larger-than-usual batch of the Government-Backed Attack warnings that Google sends to targeted users each month.
According to Shane Huntley, the head of Google’s Threat Analysis Group (TAG), the higher-than-usual number of alerts this month is due to a limited number of widely targeted campaigns that were blocked.
The APT28 (aka Fancy Bear) effort resulted in a higher number of alerts for Gmail users across different sectors.
According to Huntley, Fancy Bear’s phishing effort accounts for 86 percent of all batch alerts sent out this month. He clarifies that these messages reflect recipient targeting rather than a breach of their Gmail account.
His tweet says that the notice primarily informs individuals that they are a potential target for the next cyberattack and that now is an excellent time to take security precautions.
“So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions. As we’ve previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies,” Huntley said.
These warnings are routine for activists, journalists, government officials, and those who work in national security organizations, because government-backed groups target them.
Gmail blocked all phishing emails from the Fancy Bear campaign, and they did not reach users’ inboxes since they were immediately categorized as spam.
Data theft and espionage are common activities for Fancy Bear. Members of the Bundestag, Germany’s Federal Parliament, and the Norwegian Parliament are among its most recent targets.
Google’s objective with these notifications is to let people know that hackers are targeting them and they should strengthen their defenses. The company recommends the Advanced Protection Program for professional and personal email.