Google warns of APT28 attack attempts against 14,000 Gmail users

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns.

On Wednesday, Google announced to have warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers.

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. 

The researchers pointed out that the warning is related to hacking attempts and that not all the attacks have been successful, also thanks to the defense implemented by Google.

“These warnings indicate targeting NOT compromise. If we are warning you there’s a very high chance we blocked,” Huntley wrote in a thread on Thursday. “The increased numbers this month come from a small number of widely targeted campaigns which were blocked.”

A spike in the number of attacks was observed in late September, Threat Analysis Group researchers uncovered an APT28 phishing campaign targeting approximately 14,000 Gmail users across multiple businesses.

The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

This specific campaign accounted for 86% of the batch of warnings that the Google team sent out for this month.

Huntley explained that state-sponsored hackers often focus on activists, journalists, government officials or individuals working in NatSec.

“If you are an activist/journalist/government official or work in NatSec, this warning honestly shouldn’t be a surprise.” Huntley added. “At some point, some government-backed entity probably will try to send you something,” he added while urging users to review account security settings,”

Google recommends enrolling in the Advanced Protection Program for work and personal email, this program safeguards users with high visibility and sensitive information, who are at risk of targeted online attacks. The company automatically improve its service to defend against today’s wide range of threats.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, spear-phishing)

[adrotate banner=”5″]

[adrotate banner=”13″]