A warning has been issued by Google that a nation-state threat group, identified as APT28, has been conducting a spearphishing campaign. The unsuccessful campaign was spotted in late September.

What happened?

The threat group has connections with Russia and attempted to target 14,000 Gmail users.
  • The warnings were sent to Gmail users, especially activists, journalists, and officials working at agencies responsible for national security.
  • However, there were no confirmed reports of compromised Gmail accounts.
  • Gmail had already blocked all of the phishing emails by classifying them as spam before they could hit the inbox of users.
  • The spearphishing campaign accounted for 86% of all the warnings that were sent by Google this month.

About APT28 

  • APT28, aka Fancy Bear, has been active since 2004 and is often observed in malicious activities related to data theft and espionage.
  • Previously, the group had targeted the Norwegian Parliament, along with members of the German federal parliament.
  • In July, the APT28 group had used brute-force attacks aimed at cloud resources of multiple industries, such as government, defense, and energy.

Conclusion

Experts say there are always some ongoing hacking attempts against journalists, government officials, activists. Only this time, most of the warnings were related to phishing emails from the same threat actor i.e. APT28. Gmail users should continue watching for such suspicious emails.
Cyware Publisher

Publisher

Cyware