Russian hackers reportedly targeted approximately 14,000 Gmail users worldwide last month, according to the Threat Analysis Group, a consultancy specializing in security risk management. In a Twitter post, Google TAG Director Shane Huntley said 100% of the emails were blocked as spam and characterized the batch as “above average”.
The campaign by the well-known group APT28 represented 86 percent of Google’s recent alerts to users about government-backed attackers, Huntley said in an email to CyberScoop. “Google batches these types of alerts to users, rather than during detection time, to help prevent attackers from discovering their defense strategies,” he explained.
Several Gmail users, including several researchers and journalists, reported on Twitter that they had received the alert. Huntley said the campaign was aimed “at a wide range of sectors.”
He suspects that APT28, also known as Fancy Bear, is linked to the GRU, the Central Intelligence Department of the Russian military forces. The group is accused of hacking the Democratic Party ahead of the 2016 US election. It has received less attention in recent months than the widespread hacking campaigns attributed to other Russian groups, including one that exploited SolarWinds software to infiltrate nine US federal agencies. But although the group was less active during the 2020 election, researchers say it has been quietly working in the background.
According to the alert sent to users, government-backed phishing attacks happen to “less than 0.1%” of all Gmail users. The alert included a tip on how to keep Microsoft Word up to date.
The report is just the latest indication that, in the wake of rising tensions between the US and Russia over cybercrime, Russian state actors have not given up on espionage efforts. In May, Russian hackers breached Microsoft’s customer support to launch phishing attacks against government and non-governmental agencies and non-profit organizations in 36 countries, Microsoft said. The attacks were largely unsuccessful.