On Wednesday, Google sent notifications to more than 14,000 users warning them about a possible phishing attack by Russian cyber espionage group APT28. The threat group, better known as Fancy Bear, is believed to be sponsored by the Russian government and has been targeting government, military, and security organizations all over the world for over a decade. The group’s most common methods of infiltration include malware drop websites, zero-day vulnerabilities, and spear phishing emails, their most successful method.
According to Google’s Threat Analysis Group (TAG), the phishing campaign was detected in late September and targeted individuals of interest, such as activists, journalists, government officials, or those who work in national security structures.
TAG assured users that all emails sent by the APT28 group were most likely blocked and immediately sent to spam. However, it advised that users who received Google’s warning take measures to reinforce their security strategies. One of its recommendations is enrolling in Google’s Advanced Protection Program, which is specifically designed to protect users with high visibility and sensitive information from targeted online attacks.