



Google has talked about blocking targeted phishing campaigns attributed to Fancy Bear / APT28. Let's look at what that means and what you can do to keep yourself safe.

APT28, also known as Fancy Bear, is at the heart of another targeted campaign. This time the targets are users of Google services. Approximately 14,000 people have been notified of spear-phishing attempts to compromise their accounts and access their files.

When did this happen?

Sometime in late September, according to Google. They didn't elaborate on which industry was the primary target, but the campaign accounted for 86% of the batch of warnings Google sent this month.

Did Google catch all the malicious messages?

Shane Huntley, director of Google's Threat Analysis Group (TAG), said that all of the emails sent were blocked. That seems pretty decisive. He explains in more detail in this thread:

TAG sent an above-average batch of government-sponsored security alerts yesterday. Some information for those who received the warning and something that reminds me of what it means:




In his view, these warnings are primarily a signal to batten down the hatches ahead of the next attack.

Many of the first targets of government-sponsored threats have often been blocked by good security principles such as security keys, patching, and awareness. Therefore, I warn you.



Google’s security blog has more information on this type of warning. If you see the following message, it’s definitely time to take action.

A government-backed attacker may be trying to steal your password.

This may be a false alarm, but it is probable that a government-backed attacker was detected trying to steal your password. This happens to less than 0.1% of all Gmail users. Attackers take notes and change tactics, so it's not possible to reveal what tipped us off, but if at some point the attacker gains access to your data, they could use your account to perform other actions.

Google encourages affected users to enrol in the Advanced Protection Program. This is said to be the strongest protection for users at risk of targeted attacks.

What is the Advanced Protection Program?

Google's Advanced Protection Program is an extra layer of security on top of the regular Google protections, for those who need it. Physical security keys are the main feature of this program. The Chrome browser also scans any file you try to download to your device. On Android, it also blocks files from untrusted or unknown sources, making it harder for malicious files to obtain permissions on the device.

What else is Google doing in this area?

Well, Google is pushing hard on auto-enrolment in things like 2FA these days. 2FA uptake is very low for many services on the web, and something like this helps make everyone a little more secure.

There is also Google's Security Checkup. At a glance, you can see the devices you are signed in on, recent security activity, whether 2FA is enabled, and your Gmail settings (such as addresses you may have blocked). Many of the tabs reveal more information as you drill down. The 2-Step Verification section lists the phones that receive sign-in prompts, the authenticator app you are using, the date and time it was added, your phone number, and your backup codes.

Remember that you can also see a list of IP addresses that have used your Gmail account under "Last account activity" in the lower right corner of the desktop Gmail interface. It shows the type of access (web or mobile), the location / IP address, and the date / time of each session.

All of this not only helps prevent compromises, but also helps you figure out where the problem occurred.

Do you need to worry?

As mentioned above, for most people the risk from something like Fancy Bear is negligible. If you work in a high-risk profession, or if you deal with sensitive data that a government may be interested in, then yes, you could be a potential target. If you are a journalist, activist, human rights worker, lawyer, or in some way involved in national security, it is advisable to enrol in the Advanced Protection Program.

Everyone else really needs to be more worried about common-or-garden malware, scams, phishing and the like. The good news is that many of the basic security practices that help prevent these attacks also go some way towards preventing the big ones. It doesn't hurt to start using the security practices above; that's a win-win.

Use this to your advantage and start digging into the many security features available in your Google account. You'll be amazed at how easy most of the settings are, and at the same time you can increase the security of your data.

