Russian hackers targeted approximately 14,000 Gmail users last month, according to the company’s Threat Analysis Group. While 100% of the emails were blocked as spam, Google TAG director Shane Huntley characterized the batch as “above average” on Twitter.
The campaign from the group known as APT28 made up 86% of Google’s recent alerts to users about government-backed attackers, Huntley said in an email. Google sends these kinds of alerts to users in batches rather than at the moment of detection to help keep attackers from figuring out the company’s defense strategies, he explained.
Several Gmail users reported on Twitter receiving the alert, including several researchers and journalists. Huntley said the campaign was targeted “across a wide variety of industries.”
APT28, also known as Fancy Bear, is best known for hacking the Democratic Party ahead of the 2016 U.S. election. The group has received less attention in recent months in comparison to sweeping hacking campaigns attributed to other Russian groups, including one that exploited SolarWinds software to infiltrate nine U.S. federal agencies. And despite being less active during the 2020 election, researchers say the group has been quietly working in the background.
According to the alert sent to users, government-backed phishing attacks happen to “less than 0.1%” of all Gmail users. The alert included a tip about keeping Microsoft Word up to date.
The report is just the latest indication that in the wake of growing tensions between the United States and Russia over cybercrime, Russian state actors haven’t let up on espionage efforts.
In May, Russian hackers breached Microsoft customer support to launch phishing attacks against government and non-governmental agencies and nonprofits in 36 countries, Microsoft reported. The attacks were largely unsuccessful.