News data privacy

14,000 Gmail users notified after APT28 attacks

Gmail

14000 Gmail users have received email notifications that they may have been the target of spear-phishing attacks. It is being reported that the phishing attacks are being arranged by APT28, a well-known, state-sponsored threat actor based out of Russia.

The Federal Bureau of Investigation has previously attributed the APT28 hacking group to Russia’s General Staff Main Intelligence Directorate (GRU) 85h Main Special Service Centre (GTsSS0) military unit 26165. These state-sponsored threat actors have reportedly been active since the year 2004. APT28 is also the same group attributed to the compromise of presidential candidate Hilary Clinton’s campaign and the Democratic Congressional Committee in 2016 in an attempt to directly interfere with the United States Presidential Elections.

You may also like: Google publishes its first transparency report under IT Rules, 2021

A few days ago, Google’s Threat Analysis Group (TAG) alerted more than 14000 Gmail users that they were the target of APT28’s state-sponsored phishing campaign.  

Barton Gellman is the author of ‘Dark Mirror’ and ‘Angler’. He is also a staff writer for The Atlantic.

“We intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies. We have an expert team in our Threat Analysis Group, and we use a variety of technologies to detect these attempts. We also notify law enforcement about what we’re seeing; they have additional tools to investigate these attacks.”

via Google’s security blog

You may also like: Biden administration announces new cyber initiatives with private sector

Implications of the Gmail attacks

Shane Huntley is the Director of Google’s Threat Analysis Group (TAG)

TAG is a security division of Google that focuses on detecting threat actors such as APT28. Huntley has also stated that they have been able to block all the emails sent by APT28 in this particular phishing campaign.

According to a thread of tweets released by Huntley, TAG detected an APT28 phishing campaign targeting Gmail users across various industries. He says that these notifications do not indicate compromise, but merely indicate targeting and a high possibility of the attempt being blocked. He goes on to explain that the warnings are to inform people that they may be potential victims of any further attacks in the future as well.

As seen in the tweets above, Huntley says that activists, journalists, government officials or anyone working in National Security can expect these kinds of warnings, implying that their positions are of interest to state-sponsored threat actors like APT28. This is also not the first time that Gmail has sent out these kinds of notifications. In a post released on Google’s Security Blog back in 2012 by Eric Grosse (former Vice President of Security Engineering at Google), he introduces a similar notification in a case where a user might be the target of a state-sponsored attack of any sort.  

Source: Google Security Blog

APT28 has been one of the most active threat actors, especially over the last decade or so. They have often relied on their spear-phishing exploits to chase down their targets. Through their phishing attempts, they try to breach the inboxes of their targets to gain access to any sensitive communications or even documents. In the same way, they target other individuals and even try to breach internal networks.

You may also like: Russia gives the UN draft convention to fight cybercrime

Google’s prompt reaction

It is essential to credit TAG for stopping the phishing attacks for now and even warning approximately 14000 users to protect themselves in all ways possible. A few days after the attack, in a blog post, the company announced that they will be sending out security keys to approximately 10000 users to encourage users to enrol in their Advanced Protection Program (APP). This program is Google’s highest safeguard for those individuals who deal with sensitive information or documents which are at risk in such phishing attacks.

In the same blog post, the company also announced new and extended partnerships with the International Foundation for Electoral Systems (IFES), UN Women, and Defending Digital Campaigns (a non-profit) to increase security for the most “at-risk” users.

“We’re excited to be working with these leading organizations to protect high-risk user groups and learn more about the needs of at-risk users and organizations. These collaborations help us make the world’s most advanced security even stronger, more inclusive and easier to use – helping everyone stay safer with Google.”

via a Google blog post written by Grace Hoyt and Nafis Zebarjadi

About the author

Arjun Ramprasad

Arjun Ramprasad is an undergraduate law student from Symbiosis Law School, Hyderabad with a flair for anything technology. If not here, you can find him performing on various stages as a percussionist.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.