Russian hackers Fancy Bear targeting Gmail users with phishing emails

Google reveals that 14 000 users were targeted in the email campaign by the APT28 hacker group

Russian hackers attempted to target Gmail users in state-sponsored email campaign that Google blocked

Google warned Gmail users after it was detected that a hacker group linked to Russia released a phishing email campaign targeting them.^[1] The particular incident was detected at the end of September when the not-so-typical large batch of phishing emails got sent.

All messages got blocked and further investigated, reportedly.^[2] Emails got classified as spam and blocked by Gmail before targets received them. The head of the Google Threat Analysis Group, Shane Huntley, noted that none of the accounts got compromised since emails were not received:

These warnings indicate targeting NOT compromise. If we are warning you there's a very high chance we blocked.

Russian hackers are responsible for a large number of hacks targeting Europe and the US, especially governments and large companies.^[3] The particular Fancy Bear group is known for targeting people across various industries in these state-sponsored attacks. Google commonly sent these warnings, but the specific alert sent to these14 000 users, fills 86% of all the batch alerts delivered this month alone.

Activists, journalists, government officials are common targets in such campaigns

Typically government-related attacks and campaigns from state-sponsored hackers aim at individuals in particular fields. Journalists, government officials, social activists, or people that work in national security structures get targeted due to the close connection. It is not revealed who were those particular targets in the phishing campaign, but people did not receive any of the messages, so there shouldn't be any risks.

This particular hacker group also is responsible for many incidents and has been known since 2004. Mainly the Fancy Bear group is known for espionage activities and data theft campaigns.^[4] The most recent attacks were aimed at the German Federal Parliament, members of the Bundestag, and the Norwegian Parliament.

These are valuable targets, and often such security incidents end in leaks, breaches, and secondary attacks directly aiming at disrupting the particular operations. With such activities, hackers can redirect the government's attention to important things like elections.

Russian state-sponsored attackers aim to breach governments

Microsoft also released a statement about Russian hackers who successfully breached large targets in the United States and Europe.^[5] The success of such attacks has gone up by 11%, meaning that state-backed criminal activities result in breaches, data leaks, and other instances.

Even though various government institutions boost defenses against Russian and Chinese criminal behavior, these countries still remain relating these campaigns targeting huge companies and networks of the government institutions. Russian hackers have already released nine operations based on espionage in 2020.

Exploiting software made by SolarWinds was one of the biggest breaches.^[6] The same group still tries to breach organizations, and these espionage campaigns do not seem to be stopped anytime soon. Attacks on critical infrastructures can just become more popular. There are many investigations held that show evidence of repositioning against the US. These are the things that countries need to work on.

Unfortunately, the tension between the United States and Russia over cybercrime is intensifying due to such incidents. Even though some of the phishing and espionage attacks against government and non-government agencies were unsuccessful, Russian state-backed hackers do not let go of their espionage efforts anytime soon.