Date: 2021-10-07



Google has sent more than 14,000 Gmail users an email notification informing them that they have been the target of a spear phishing attack organized by a state-sponsored hacking group.

“In late September, an APT28 phishing campaign targeting a large number of Gmail users in various industries was detected,” Shane Huntley, director of Google’s Threat Analysis Group, told The Record in an email, after a number of users took to social media to post the messages they had received from Google.

“This particular campaign accounted for 86% of the series of warnings we sent this month,” Huntley added.

“First of all, these warnings indicate targeting rather than compromise. If you do, you’re very likely to block,” Huntley said in a separate Twitter thread.

“If you’re an activist / journalist / government official or working at NatSec, this warning is honestly not surprising.

“At some point, a government-backed organization will try to send you something,” he added, urging users to check the security settings of their accounts.

Huntley, who heads the TAG team, Google’s security division focused on hunting top threat actors, said that all emails the APT28 group sent in this campaign were blocked.

Tracked as APT28 but more commonly known as Fancy Bear, the group was linked by the FBI and NSA earlier this summer to Russian military intelligence, specifically the General Staff of the Armed Forces of Russia (GRU), 85th Main Special Service Center (GTsSS), Military Unit 26165.

APT28 has been one of the most active threat actors of the last decade, and the group often relies on spear-phishing emails to pursue targets of interest. Its purpose is to compromise a target's inbox, access sensitive documents and communications, and then pivot to other individuals or internal networks.

“If you receive a warning, or if you are a high-risk user, journalist, politician, celebrity, or CEO, we recommend that you enroll in an advanced protection program for work and personal email,” Huntley said in an email. The program enables additional security protections for high-risk accounts.

The warnings sent this week aren’t new to Gmail. Google has been sending alerts about attacks carried out by state-sponsored entities since 2012.

Catalin Cimpanu is The Record’s cybersecurity reporter. He previously worked for ZDNet and Bleeping Computer. He has become famous in the industry for his constant investigation into new vulnerabilities, cyberattacks, and law enforcement measures against hackers.

