Google Alerts 14,000 Gmail Users Attacked by Russian Hackers

Google has warned approximately 14,000 Gmail users that they were targeted by a government-backed phishing campaign conducted by Fancy Bear, also known as APT28, a Russian government cyber espionage group.

Google notified the affected Gmail users by email and recommended that they enroll in the Advanced Protection Program (APP) for personal and work email.

Official Statement of Google on Fancy Bear Phishing Attack on Gmail Users:

Shane Huntley, Director of Google’s Threat Analysis Group (TAG), wrote on Twitter that his team had sent an “above average batch” of warnings about government-backed phishing attempts. He also stated that Google was able to block the phishing emails sent by APT28, which are classified as spam and do not reach the inbox folder.

Below is the notification snapshot sent by Google to Gmail users.

Gmail Notification for Russian Phishing Attack

The TAG team also said that this Fancy Bear phishing campaign accounted for 86% of the warnings it sent this month, and that these alert notifications indicate targeting of the recipient, not a compromise of their Gmail account.

They also advised users to strengthen their Gmail protection by using multi-factor authentication, using security keys instead of SMS, or enrolling in the Google Advanced Protection Program (APP).

“In late September, we detected an APT28 phishing campaign targeting a large volume of Gmail users (approx 14,000) across a wide variety of industries. This particular campaign comprised 86% of the batch of warnings we sent for this month. Firstly these warnings indicate targeting NOT compromise. If we are warning you there’s a very high chance we blocked. If you are an activist/journalist/government official or work in NatSec, this warning honestly shouldn’t be a surprise. At some point, some government-backed entity probably will try to send you something,” he added while urging users to review account security settings.

Shane Huntley, Director, Google Threat Analysis Group (TAG)

Shane Huntley also posted a reminder about government-backed phishing from Google’s security blog, which states:

We intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies. We have an expert team in our Threat Analysis Group, and we use a variety of technologies to detect these attempts. We also notify law enforcement about what we’re seeing; they have additional tools to investigate these attacks.

Google Security Blog

Here is the official statement from Google – Google Online Security Blog: A reminder about government-backed phishing

Fancy Bear (or) APT28 – One of the World’s Most Dangerous Nation-State Hacker Groups:


Fancy Bear, or APT28, is one of the most threatening hacking groups and is responsible for some of the high-profile attacks of recent years. It has been operating since 2004 and is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165.

Generally, the Fancy Bear group attacks its victims with spear-phishing emails. Its goal is to gain unauthorized access to inboxes and steal sensitive information and documents, then move on to exploit other individuals or internal networks.

APT28 gained wide notoriety for its involvement in the DNC hack of 2016 and the 2017 French presidential election; more recently it has targeted members of the Bundestag, the German Federal Parliament, and the Norwegian Parliament.

The group’s extensive attacks against individuals in the political and defense sectors clearly reflect the interests of the Russian government.

According to Microsoft’s second annual Digital Defense Report, attacks by Russian government-backed hacking groups rose sharply, from 21% to 32%, compared to last year.

Google Sending Security Keys to 10,000 Gmail Users:

Google also announced that it is sending security keys to 10,000 Gmail users as part of enrolling them in its Advanced Protection Program (APP). This was announced on its security blog a few days after the attack.

The Advanced Protection Program (APP) is Google’s strongest security system for users who are at higher risk of such phishing attacks and are targeted for their sensitive information or documents, such as elected officials, political campaigns, human rights activists and journalists.

In the same security blog post, Google also stated that, to enhance security for its most at-risk users, it is partnering with the International Foundation for Electoral Systems (IFES), UN Women, and Defending Digital Campaigns (a non-profit).

Here is the official report – Delivering 10,000 security keys to high-risk users 
