Gmail users have been targeted for a state-sponsored phishing
campaign, Google has warned 14,000 account holders.
The state? Probably Russia: The campaign was from APT28, or Fancy Bear, a threat actor group linked to that country, Bleeping Computer writes.
The effort was
detected late in September. It accounted for 86% of all batch warnings delivered by Google this month, says Shane Huntley, the head of Google’s Threat Analysis Group, according
to Bleeping Computer.
The warnings mean that the account has been targeted, not that it has been compromised. All of the emails were automatically classified as spam
and blocked by Gmail, the report continues.
Huntley says: “As we've previously explained, we intentionally send these notices in batches, rather than at the moment we detect the
threat itself, so that attackers cannot track some of our defense strategies.”
The recipients usually include “activists, journalists, government officials, or people that
work national security structures because that’s who government-backed entities are targeting,” Bleeping Computer notes.
In a tweet, Huntley says: “TAG sent an above
average batch of government-backed security warnings yesterday.” It links to a 2018 article that illustrates what it means.
Meanwhile, Microsoft warns that “Nation state
threat actors have become more sophisticated and harder to detect, creating a threat to security that is replicated by other cybercriminals.
But Microsoft adds
that Russia is not the only nation-state actor actively hacking. After Russia, the largest number came from North Korea, Iran and China;
South Korea, Turkey and Vietnam. Turkey is a new entry.
And, Iran “quadrupled its targeting of Israel in the past year and launched
destructive attacks among heightened tensions between the two countries ,” Microsoft continues.