Advertisement

Google blames suspected Russian hacking group for targeting 14,000 Gmail users

Several academics and journalists reported being targeted.
Turla, a hacking group linked with Russia, has put some interesting names on its code strings. (Andy Emel/Getty Images)

Russian hackers targeted approximately 14,000 Gmail users last month, according to the company’s Threat Analysis Group. While 100% of the emails were blocked by spam, Google TAG director Shane Huntley characterized the batch as “above average” on Twitter.

The campaign from the group known at APT28 made up 86% of Google’s recent alerts to users about government-backed attackers, Huntley said in an email. Google batches these kinds of alerts to users rather than during the moment of detection to help keep attackers from figuring out their defense strategies, he explained.

Several Gmail users reported on Twitter receiving the alert, including several researchers and journalists. Huntley said the campaign was targeted “across a wide variety of industries.”

APT28, also known as Fancy Bear, is best known for hacking the Democratic Party ahead of the 2016 U.S. election. The group has received less attention in recent months in comparison to sweeping hacking campaigns attributed to other Russian groups, including one that exploited SolarWinds software to infiltrate nine U.S. federal agencies. And despite being less active during the 2020 election, researchers say the group has been quietly working in the background.

Advertisement

According to the alert sent to users, government-based phishing attacks happen to “less than 0.1%” of all Gmail users. The alert included a tip about keeping Microsoft Word up to date.

The report is just the latest indication that in the wake of growing tensions between the United States and Russia over cybercrime, Russian state actors haven’t let up on espionage efforts.

In May Russian hackers breached Microsoft customer support to launch phishing attacks against government and non-governmental agencies and nonprofits in 36 countries, Microsoft reported. The attacks were largely unsuccessful.

 

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts