Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing marketing campaign from APT28, a menace group that has been linked to Russia.
The marketing campaign was detected in late September and accounts for a bigger than traditional batch of Government-Backed Attack notifications that Google sends to targeted users each month.
Fancy Bear phishing
Shane Huntley, who’s on the helm of Google’s Threat Analysis Group (TAG) that responds to government-backed hacking, notes that the higher-than-usual variety of alerts this month comes from “from a small number of widely targeted campaigns which were blocked.”
The marketing campaign from APT28, also referred to as Fancy Bear, result in a bigger variety of warnings for Gmail users throughout varied industries.
In a press release despatched by a Google spokesperson, Huntley says that Fancy Bear’s phishing marketing campaign accounts for 86% of all of the batch warnings delivered this month.
He explains that these notifications point out concentrating on of the recipient, not a compromise of their Gmail account.
“So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions” – Shane Huntley
Huntley says that these warnings are regular for people akin to activists, journalists, authorities officers, or people who work nationwide safety buildings as a result of that’s who government-backed entities are concentrating on.
All the phishing emails from the Fancy Bear marketing campaign have been blocked by Gmail and didn’t land within the users’ inboxes as they have been mechanically labeled as spam.
“As we’ve previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies,” Huntley stated.
APT28 has been working since at the very least 2004 on behalf of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) navy unit 26165.
The group is often engaged in information theft and espionage exercise. Among its more moderen targets are members of the Bundestag, the German federal parliament, and of the Norwegian Parliament.
Google’s aim with these alerts is to tell people that they’re being targeted to allow them to enhance defenses. The firm’s suggestion is to enroll within the Advanced Protection Program for work and private electronic mail.