article featured image


The American multinational tech company Google has alerted more than 14,000 Gmail users about a phishing campaign targeting them. The operation is allegedly conducted by a hacking group that has been linked to Russia, dubbed APT28.

Following the discovery of phishing emails, Google has immediately blocked them.

At the end of September, Google discovered that a large number of Gmail users from a wide range of businesses were being targeted by the APT28 hacking gang. The threat actor, also known as Fancy Bear, has been operational starting with 2004.

Shane Huntley, Director of Google’s Threat Analysis Group (TAG) said this week that “this particular campaign comprised 86% of the batch of warnings we sent for this month.”

He notes that these warnings suggest recipient targeting rather than a breach of their Gmail account.

According to him, these warnings are normal for activists, reporters, government representatives, and individuals who work in national security systems as government-backed organizations usually go after them.

As we said before, Google took immediate action when it learned about the APT28 campaign blocking all the phishing emails so they wouldn’t get to the intended receivers.

As we’ve previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself so that attackers cannot track some of our defense strategies.



APT28 has previously been linked to the GRU, Russia’s military intelligence organization. It’s been in business since at least 2004. Fancy Bear began by stealing information from several governments in Europe and the United States.

The group is usually focused on data theft and espionage. This threat actor has allegedly hacked the email accounts of seven members of the German federal parliament (Bundestag) and 31 members of German regional parliaments.

By sending these security warnings, Google aims to notify its users they are being targeted in the phishing campaign hoping that they will enhance their security solution.

Heimdal™ Email Security is more than a regular spam filter. Step into a new era of email security and compliance with a solution that combines outstanding Threat Intelligence with human expertise.

Heimdal Official Logo
Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.
  • Completely secure your infrastructure against email-delivered threats;
  • Deep content scanning for malicious attachments and links;
  • Block Phishing and man-in-the-email attacks;
  • Complete email-based reporting for compliance & auditing requirements;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo