Google’s anti-hacker team warned approx. 14,000 Gmail users about a phishing campaign carried out by APT28, or Fancy Bear, a Russian government hacking group responsible for some high profile attacks over the last few years.
The head of the Threat Analysis Group (TAG) at Google wrote on Twitter that TAG sent an “above average” batch of warnings about government-backed phishing attempts.
“Firstly these warnings indicate targeting NOT compromise. If we are warning you there's a very high chance we blocked [it]. The increased numbers this month come from a small number of widely targeted campaigns which were blocked,” he tweeted.
Here’s how the warning looks like:
“An extremely small fraction of users will ever see one of these, but if you receive this warning from us, it's important to take immediate action on it,” Google explained.
Huntley also posted a reminder from 2018 what to do if you’ve received such a warning.
“Government-backed phishing has been in the news lately. If you receive a warning in Gmail, be sure to take prompt action. Get two-factor authentication on your account. And consider enrolling in the Advanced Protection Program,” Huntley wrote.
According to the statement by Google’s spokesperson sent to Vice, warnings were related to the APT28 nation-state sponsored hacking group, better known as Fancy Bear.
CyberNews researchers have listed Fancy Bear as one of the world’s most dangerous state-sponsored hacker groups.
Fancy Bear (not to be confused with Cozy Bear, Venomous Bear, or Voodoo Bear) gained notoriety following reports of the group’s involvement in the Great DNC Hack of 2016, as well as a series of cyberattacks on Emmanuel Macron's campaign websites in the run-up to the 2017 French Presidential elections. Ever since, the cybersecurity community has been observing the group’s attacks far beyond the US and Western Europe.
The group’s extensive operations against victims in the political and defense sectors seem to mirror the strategic interests of the Russian government, which strongly points to an affiliation with the country’s military intelligence service, GRU.
Microsoft has just released its second annual Digital Defence Report, and it claims that attacks from Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate last year to a 32% rate this year.
More from CyberNews:
Subscribe to our newsletter