APT

Google warns of APT28 attack attempts against 14,000 Gmail users

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns.

On Wednesday, Google announced to have warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers.

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. 

The researchers pointed out that the warning is related to hacking attempts and that not all the attacks have been successful, also thanks to the defense implemented by Google.

“These warnings indicate targeting NOT compromise. If we are warning you there’s a very high chance we blocked,” Huntley wrote in a thread on Thursday. “The increased numbers this month come from a small number of widely targeted campaigns which were blocked.”

A spike in the number of attacks was observed in late September, Threat Analysis Group researchers uncovered an APT28 phishing campaign targeting approximately 14,000 Gmail users across multiple businesses.

The APT28 group (aka Fancy BearPawn StormSofacy GroupSednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

This specific campaign accounted for 86% of the batch of warnings that the Google team sent out for this month.

Huntley explained that state-sponsored hackers often focus on activists, journalists, government officials or individuals working in NatSec.

“If you are an activist/journalist/government official or work in NatSec, this warning honestly shouldn’t be a surprise.” Huntley added. “At some point, some government-backed entity probably will try to send you something,” he added while urging users to review account security settings,”

Google recommends enrolling in the Advanced Protection Program for work and personal email, this program safeguards users with high visibility and sensitive information, who are at risk of targeted online attacks. The company automatically improve its service to defend against today’s wide range of threats.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, spear-phishing)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

13 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

19 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.