APT28 attack attempts against 14,000 Gmail users

APT28 attack attempts against 14,000 Gmail users

On 6th, Google has warned about 14,000 Gmail users that they’ve been targets of Russian government sponsored APT28 phishing campaign.

“We detected an APT28 phishing campaign targeting a large volume of Gmail users (approx 14,000) across a wide variety of industries in late September,” Shane Huntley, Director of Google’s Threat Analysis Group, told The Record in an email, in response to a question about how many users took to social media to post the message they received from Google.

APT28 – Fancy Bear phishing

The APT28, also known as Fancy Bear has previously targeted governments, militaries, and security organizations worldwide since 2004 on behalf of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165 and now responsible for higher number of warnings for Gmail users across a variety of businesses.

Their most recent targets are members of the Bundestag and member of Norwegian Parliament. APT28 attackers use spear-phishing techniques to breach gmail inboxes and obtain access to confidential information and then provide gateway to internal networks.

Huntley says that “Fancy Bear’s phishing campaign accounts for 86% of all the batch warnings delivered this month and frequently targets on activists, journalists, government officials or National Security employees. Emails were automatically classified as spam and blocked by Gmail and we send awareness notices in batches to above mentioned people who were targeted by government backed attackers

source: Barton Gellman


Learnings :

Phishing Attack Techniques:

  • Email Phishing : Emails with embedded link which will redirects to an unsecure website that requests sensitive information from employee once they click on it
  • Clickjacking : Malicious email or ad attached with Trojan which will allow the attacker to exploit security flaws to access sensitive information
  • Domain Spoofing : Spoofing as a reputable sender email address and request sensitive information
  • Voice Phishing : Impersonating a known firm vendor or IT department to get company information over the phone

Steps for companies to protect against phishing:

  • Employee Training : Conduct training sessions and educate employees with mock phishing scenarios.
  • Spam Filter : Install a SPAM filter that can detect malware, blank senders, and other spam.
  • Updates : Maintain all systems with the most recent security patches and updates.
  •  Firewall : Install best firewall antivirus solution and schedule updates to monitor all the systems, application and network.
  • Security Policy : Create a security policy that addresses password expiration and complexity, among other things.

Awareness :

The APT28 attack primarily informs people that they may be a target for the next attack, therefore now is a good time to take security precautions. Google recommendation is to enroll in the Advanced Protection Program for work and personal email.

Reference :

Google blocked Russian government phishing emails targeting 14,000 users. VICE. (n.d.). Retrieved October 8, 2021, from https://www.vice.com/en/article/93yxe3/google-blocked-russian-government-phishing-emails-targeting-14000-users.