On the 6th, Google warned about 14,000 Gmail users that they had been targets of a phishing campaign by APT28, a group sponsored by the Russian government.
“We detected an APT28 phishing campaign targeting a large volume of Gmail users (approx 14,000) across a wide variety of industries in late September,” Shane Huntley, Director of Google’s Threat Analysis Group, told The Record in an email, in response to a question about how many users took to social media to post the message they received from Google.
APT28, also known as Fancy Bear, has targeted governments, militaries, and security organizations worldwide since 2004 on behalf of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, and is now responsible for a higher number of warnings to Gmail users across a variety of businesses.
Their most recent targets are members of the Bundestag and a member of the Norwegian Parliament. APT28 attackers use spear-phishing techniques to breach Gmail inboxes and obtain access to confidential information, which then provides a gateway to internal networks.
Huntley says that “Fancy Bear’s phishing campaign accounts for 86% of all the batch warnings delivered this month and frequently targets activists, journalists, government officials or National Security employees. Emails were automatically classified as spam and blocked by Gmail and we send awareness notices in batches to above-mentioned people who were targeted by government-backed attackers.”
source: Barton Gellman
The warning about the APT28 attack primarily informs people that they may be a target for the next attack, so now is a good time to take security precautions. Google's recommendation is to enroll in the Advanced Protection Program for work and personal email.
Google blocked Russian government phishing emails targeting 14,000 users. VICE. (n.d.). Retrieved October 8, 2021, from https://www.vice.com/en/article/93yxe3/google-blocked-russian-government-phishing-emails-targeting-14000-users.