Through a letter sent via email, Google has notified some 14,000 Gmail users that during the past months they could have been the target of a sophisticated spear phishing campaign operated by a hacking group identified as APT28. The letter is signed by Shane Huntley, director of the Google Threat Analysis Group.
Huntley emphasizes the fact that these alerts do not mean that the notified users have been compromised, since Google managed to block most attack attempts. The representative also mentions that this campaign accounted for 86% of the security incidents addressed by Google during the last month.
About APT28, also identified as Fancy Bear, cybersecurity experts mention that this is a hacking group linked to the main military and intelligence agency in Russia, which had already been detected by the Federal Bureau of Investigation (FBI) in other attacks.
Experts identify APT28 as one of the most active hacking groups over the past 10 years, deploying massive phishing campaigns against targets of all kinds, mainly activists, political opponents, journalists and even celebrities.
While the hackers’ main goal is to compromise victims’ inboxes, later attack stages would allow access to private documents and even gain an access point to other targets and internal networks.
Since APT28 specializes in targeted engagement, Huntley recommends users enable other protection mechanisms: “If you receive a warning and are considered a potential target for these hackers, we recommend joining Google’s Advanced Protection Program, designed to increase email security for people of interest.”
The warnings sent this week are not a new feature of Gmail, but Google has been using this policy for a while to report attacks carried out by entities sponsored by nation states since 2012. This measure has allowed the company to keep a better record of hacking groups linked to Western adversaries.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.