Google has notified thousands of Gmail (opens in new tab) users they may have been targeted by a state-sponsored phishing (opens in new tab) campaign reportedly orchestrated by Russian state-sponsored threat actors known as APT28.
Shane Huntley, the head of Google’s cybersecurity (opens in new tab) division Threat Analysis Group (TAG), took to Twitter (opens in new tab) to note that it had just shared an "above average batch" of warnings with around 14,000 users.
“These warnings indicate targeting NOT compromise. If we are warning you there's a very high chance we blocked [the malicious message]," explained Huntley to anyone spooked by the warnings.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- Here are the best email services (opens in new tab) around today
- Take a look at these best password managers (opens in new tab)
- We’ve also rounded up the best security keys (opens in new tab)
He added that this month’s increased numbers are due to the persistent attempts from a small number of widely targeted, but eventually blocked, campaigns.
Detected and blocked
According to BleepingComputer, the campaign was detected in late September and accounts for a larger than usual batch of government-backed attack notifications that Google sends to targeted users every month.
Huntley went on to explain that the warnings are usually sent to activists, journalists, government officials, or people that work national security structures, since they are the ones who usually find themselves in the cross-hairs of state-sponsored threat actors.
In an official Google statement Huntley reaffirmed that "100% of these emails were automatically classified as spam and blocked by Gmail."
But then why the notifications? Huntley explained that the warnings serve as a reminder to people that they are on the potential hit list of threat actors and should keep their eyes peeled for suspicious emails, and take steps to fortify their email accounts, such as enabling two-factor authentication (2FA (opens in new tab)).
Huntley also shared that the team sends out the notifications in batches, rather than as and when the threats were detected, in order to prevent the attackers from deducing Google’s defense strategies.
- Shield yourself with these best identity theft protection services (opens in new tab)
Via BleepingComputer (opens in new tab)