The American multinational tech company Google has alerted more than 14,000 Gmail users about a phishing campaign targeting them. The operation is allegedly conducted by a hacking group that has been linked to Russia, dubbed APT28.
Following the discovery of the phishing emails, Google immediately blocked them.
At the end of September, Google discovered that a large number of Gmail users from a wide range of businesses were being targeted by the APT28 hacking gang. The threat actor, also known as Fancy Bear, has been operational since 2004.
Shane Huntley, Director of Google’s Threat Analysis Group (TAG), said this week that “this particular campaign comprised 86% of the batch of warnings we sent for this month.”
He notes that these warnings indicate that the recipients were targeted, not that their Gmail accounts were breached.
So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions.
— Shane Huntley (@ShaneHuntley) October 7, 2021
According to him, these warnings are normal for activists, reporters, government representatives, and individuals who work in national security systems as government-backed organizations usually go after them.
As we said before, Google took immediate action when it learned about the APT28 campaign, blocking all the phishing emails so they would not reach the intended recipients.
As we’ve previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself so that attackers cannot track some of our defense strategies.
APT28 has previously been linked to the GRU, Russia’s military intelligence organization. It’s been in business since at least 2004. Fancy Bear began by stealing information from several governments in Europe and the United States.
The group is usually focused on data theft and espionage. This threat actor has allegedly hacked the email accounts of seven members of the German federal parliament (Bundestag) and 31 members of German regional parliaments.
By sending these security warnings, Google aims to notify its users that they are being targeted in the phishing campaign, in the hope that they will strengthen their security.