- Google’s blog post detailed reasons behind latest security warning issued to users
- The cyber threat group called APT28 has been active since 2004
- APT28 is believed to be responsible for compromising Hillary Clinton’s 2016 campaign
Search engine and tech giant Google has issued a security warning to over 14,000 Gmail users after it discovered and blocked a large number of phishing emails sent by an alleged Russian-backed hacking group.
In late September, Google discovered “a large volume of Gmail users (approx 14,000) across a wide variety of industries” being targeted by a campaign launched by APT28 — a threat group that has been active in the cyber world since 2004.
“This particular campaign comprised 86% of the batch of warnings we sent for this month,” Shane Huntley, Director of Google’s Threat Analysis Group (TAG), revealed Wednesday.
“Firstly these warnings indicate targeting NOT compromise. If we are warning you there’s a very high chance we blocked,” Huntley explained on Twitter.
“If you are an activist/journalist/government official or work in NatSec, this warning honestly shouldn’t be a surprise,” he said in the thread.
“So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions,” Huntley further said.
“At some point, some government-backed entity probably will try to send you something,” he noted while encouraging users to double-check their account security settings.
“What we see over and over again is that much of the initial targeting of government-backed threats is blockable with good security basics like security keys, patching and awareness, so that’s why we warn,” the executive said in another tweet.
Huntley, who heads TAG, Google’s security division focused on tracking threat actors and other malicious actors, is confident the team blocked all the phishing emails sent by the notorious APT28 in this particular campaign.
“Even if you don’t receive such a warning, you should enable 2-step verification in Gmail,” Google said in a new blog post.
“And if you think you’re at particular risk of government-backed phishing, consider enrolling in the Advanced Protection Program, which provides even stronger levels of security,” Google advised users.
The threat group APT28 is a known entity in the cyber world and has been linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165.
The group is believed to be responsible for compromising the Hillary Clinton campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016. Many believe the group was ordered to try to interfere with the U.S. presidential election back then.