14000 Gmail users have received email notifications that they may have been the target of spear-phishing attacks. It is being reported that the phishing attacks are being arranged by APT28, a well-known, state-sponsored threat actor based out of Russia.
The Federal Bureau of Investigation has previously attributed the APT28 hacking group to Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Centre (GTsSS), military unit 26165. These state-sponsored threat actors have reportedly been active since 2004. APT28 is also the group attributed to the compromise of presidential candidate Hillary Clinton’s campaign and the Democratic Congressional Committee in 2016, in an attempt to directly interfere with the United States presidential election.
A few days ago, Google’s Threat Analysis Group (TAG) alerted more than 14000 Gmail users that they were the target of APT28’s state-sponsored phishing campaign.
“We intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies. We have an expert team in our Threat Analysis Group, and we use a variety of technologies to detect these attempts. We also notify law enforcement about what we’re seeing; they have additional tools to investigate these attacks.”
via Google’s security blog
Implications of the Gmail attacks
TAG is a security division of Google that focuses on detecting threat actors such as APT28. Huntley has also stated that TAG was able to block all the emails sent by APT28 in this particular phishing campaign.
According to a thread of tweets released by Huntley, TAG detected an APT28 phishing campaign targeting Gmail users across various industries. He says that these notifications do not indicate compromise; they indicate only that the user was targeted, and that the attempt was very likely blocked. He goes on to explain that the warnings are meant to inform people that they may also be potential victims of further attacks in the future.
In the same thread, Huntley says that activists, journalists, government officials or anyone working in national security can expect these kinds of warnings, implying that their positions are of interest to state-sponsored threat actors like APT28. This is also not the first time that Gmail has sent out these kinds of notifications. In a post on Google’s Security Blog back in 2012, Eric Grosse (former Vice President of Security Engineering at Google) introduced a similar notification shown to users who might be the target of a state-sponsored attack of any sort.

APT28 has been one of the most active threat actors, especially over the last decade or so. They have often relied on spear-phishing campaigns to chase down their targets. Through these phishing attempts, they try to breach the inboxes of their targets to gain access to sensitive communications or even documents. In the same way, they target other individuals and even try to breach internal networks.
Google’s prompt reaction
It is essential to credit TAG for stopping the phishing attacks for now and for warning approximately 14000 users to protect themselves in every way possible. A few days after the attack, in a blog post, the company announced that it will be sending out security keys to approximately 10000 users to encourage them to enrol in its Advanced Protection Program (APP). This program is Google’s highest safeguard for individuals who deal with sensitive information or documents that are at risk in such phishing attacks.
In the same blog post, the company also announced new and extended partnerships with the International Foundation for Electoral Systems (IFES), UN Women, and Defending Digital Campaigns (a non-profit) to increase security for the most “at-risk” users.
“We’re excited to be working with these leading organizations to protect high-risk user groups and learn more about the needs of at-risk users and organizations. These collaborations help us make the world’s most advanced security even stronger, more inclusive and easier to use – helping everyone stay safer with Google.”
via a Google blog post written by Grace Hoyt and Nafis Zebarjadi