Skip to main content

Thousands of Gmail users targeted by Russian hackers

Cloud Security
(Image credit: laymanzoom / Shutterstock)

Google has notified thousands of Gmail users they may have been targeted by a state-sponsored phishing campaign reportedly orchestrated by Russian state-sponsored threat actors known as APT28.

Shane Huntley, the head of Google’s cybersecurity division Threat Analysis Group (TAG), took to Twitter to note that it had just shared an "above average batch" of warnings with around 14,000 users. 

“These warnings indicate targeting NOT compromise. If we are warning you there's a very high chance we blocked [the malicious message]," explained Huntley to anyone spooked by the warnings. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

He added that this month’s increased numbers are due to the persistent attempts from a small number of widely targeted, but eventually blocked, campaigns.

Detected and blocked

According to BleepingComputer, the campaign was detected in late September and accounts for a larger than usual batch of government-backed attack notifications that Google sends to targeted users every month.

Huntley went on to explain that the warnings are usually sent to activists, journalists, government officials, or people that work national security structures, since they are the ones who usually find themselves in the cross-hairs of state-sponsored threat actors.

In an official Google statement Huntley reaffirmed that "100% of these emails were automatically classified as spam and blocked by Gmail."

But then why the notifications? Huntley explained that the warnings serve as a reminder to people that they are on the potential hit list of threat actors and should keep their eyes peeled for suspicious emails, and take steps to fortify their email accounts, such as enabling two-factor authentication (2FA).

Huntley also shared that the team sends out the notifications in batches, rather than as and when the threats were detected, in order to prevent the attackers from deducing Google’s defense strategies.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.