On Wednesday, Google sent notifications to more than 14,000 users warning them about a possible phishing attack by Russian cyber espionage group APT28. The threat group, more notably known as Fancy Bear, is believed to be sponsored by the Russian government and has been targeting government, military, and security organizations all over the world for over a decade. The group’s most common methods of infiltration include malware drop websites, zero-day vulnerabilities, and their most successful deployments, spear phishing emails.
According to Google’s Threat Analysis Group (TAG), the phishing campaign was detected in late September and targeted individuals of interest, such as activists, journalists, government officials, or those that work in national security structures.
TAG assured that all emails sent by the APT28 group were most likely blocked and immediately sent to spam. However, they advised that if users received Google’s warning, then measures should be taken to reinforce their security strategies. One of their recommendations is enrolling in Google’s Advanced Protection Program, which is specifically designed to protect users with high visibility and sensitive information from targeted online attacks.
Analyst Notes
Phishing is a form of social engineering where the threat actor tricks the victim into clicking links that appear legitimate and then sends the user to familiar-looking sites. The next stage of the attack, referred to as a man-in-the-middle attack, can intercept sensitive information as the attacker sits between the client and server. Additionally, phishing emails often have malicious attachments that may contain malware, ransomware, or another online threat.
The best defense is to be vigilant of any suspicious emails that appear threatening or call for an urgent response. Be aware of unknown senders and generic greetings. Never click on any suspicious links or attachments and report these suspicious emails to IT admins.
https://www.bleepingcomputer.com/news/security/google-warns-14-000-gmail-users-targeted-by-russian-hackers/
