Gmail users have been targeted for a state-sponsored phishing campaign, Google has warned 14,000 account holders.
The state? Probably Russia: The campaign was from APT28, or Fancy Bear, a threat actor group linked to that country, Bleeping Computer writes.
The effort was detected late in September. It accounted for 86% of all batch warnings delivered by Google this month, says Shane Huntley, the head of Google’s Threat Analysis Group, according to Bleeping Computer.
The warnings mean that the account has been targeted, not that it has been compromised. All of the emails were automatically classified as spam and blocked by Gmail, the report continues.
Huntley says: “As we've previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies.”
The recipients usually include “activists, journalists, government officials, or people that work national security structures because that’s who government-backed entities are targeting,” Bleeping Computer notes.
In a tweet, Huntley says: “TAG sent an above average batch of government-backed security warnings yesterday.” It links to a 2018 article that illustrates what it means.
Meanwhile, Microsoft warns that “Nation state threat actors have become more sophisticated and harder to detect, creating a threat to security that is replicated by other cybercriminals.
But Microsoft adds that Russia is not the only nation-state actor actively hacking. After Russia, the largest number came from North Korea, Iran and China; South Korea, Turkey and Vietnam. Turkey is a new entry.
And, Iran “quadrupled its targeting of Israel in the past year and launched
destructive attacks among heightened tensions between the two countries ,” Microsoft continues.