Google Security

Google Warns 14,000 Gmail Users Targeted By Russian Hackers (bleepingcomputer.com) 13

Google has warned about 14,000 of its users that they were targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia. BleepingComputer reports: Shane Huntley, who is at the helm of Google's Threat Analysis Group (TAG) that responds to government-backed hacking, notes that the higher-than-usual number of alerts this month comes "from a small number of widely targeted campaigns which were blocked." The campaign from APT28, also known as Fancy Bear, led to a larger number of warnings for Gmail users across various industries. In a statement sent by a Google spokesperson, Huntley says that Fancy Bear's phishing campaign accounts for 86% of all the batch warnings delivered this month. He explains that these notifications indicate targeting of the recipient, not a compromise of their Gmail account: "So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions."

Huntley says that these warnings are normal for individuals such as activists, journalists, government officials, or people who work in national security structures because that's who government-backed entities are targeting. All the phishing emails from the Fancy Bear campaign were blocked by Gmail and did not land in the users' inboxes as they were automatically classified as spam. "As we've previously explained, we intentionally send these notices in batches, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies," Huntley said.

This discussion has been archived. No new comments can be posted.

  • I mean, if not, that's a lot of targeted people. Otherwise, it's just another slash-dupe.

    • by shanen ( 462549 )

      Is that dismissive FP the reason the story is dying so quietly?

      However, as regards the "dupe" problem, it would be good if (1) the editors communicated with each other more, or at least read each other's work, and (2) there should be a mechanism to slow down certain stories that merit more discussion. Maybe the lack of such a mechanism is where some dupes come from?

      My own curiosity about the topic is whether there is any reason to believe the number of targets is so small.

  • We haven't had enough dupes around here lately.

  • to "protect" them... because everyone is safe when they share their phone number

  • Sure it's Russian and not say Chinese or some other country? Russia is just a scapegoat for everything in the world at this point and the second they claim Russia I just say meh 'cause it's probably more fake news like the 4 years of Russia we got.
  • This might be OT; however: Google has been spamming (attacking?) my web site for months now. (No, I didn't change the criteria for googlebot web crawling) I've tried several times to raise the issue with Google; and have not received a response (slammed doors is more like it). What they (googlebot) are doing - making bad actors harder to find by having thousands of 'fake' calls to my website.

    Worse -- if you were to search my website (with google) ... the first result is their fake call (which is not on
    • by ls671 ( 1122017 )

      Just to make sure, configure your web server to write the requester IP address in the logs and do a whois on the IP to make sure it belongs to Google.

      User agent strings sent by requesters can very easily be faked. In fact, you send whatever you want.

      I have never seen legitimate Google IP addresses querying my servers with nonexistent URLs or ones that were never hosted on my servers so this sounds new to me.
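
The check ls671 describes above (log the requester IP and confirm it belongs to Google instead of trusting the user agent), as an added example that is not part of the thread. It goes beyond a manual whois by using forward-confirmed reverse DNS; the trusted hostname suffixes are an assumption based on Google's published crawler-verification guidance, and the log lines and DNS tables are constructed so the example runs offline.

```python
import re
import socket

# Constructed sample: combined-format log lines using documentation-range IPs.
SAMPLE_LOG = '''\
192.0.2.10 - - [10/Oct/2021:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [10/Oct/2021:13:55:40 +0000] "GET /no-such-page HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.5 - - [10/Oct/2021:13:55:44 +0000] "GET /also-missing HTTP/1.1" 404 0 "-" "Googlebot/2.1"
192.0.2.99 - - [10/Oct/2021:13:56:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/93.0"
'''
# Constructed DNS data standing in for real lookups (hypothetical hostnames).
FAKE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
            "198.51.100.7": "host7.example.net",
            "203.0.113.5": "crawl-1-2-3-4.googlebot.com"}  # PTR is set by the IP's owner
FAKE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
TRUSTED_SUFFIXES = (".googlebot.com", ".google.com")  # assumption, see lead-in

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None on failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(host):
    """Forward lookup via the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def is_verified_crawler(ip, ptr=system_ptr, addrs=system_addrs):
    """True only if the PTR name is in a trusted domain AND resolves back to ip."""
    host = (ptr(ip) or "").rstrip(".").lower()
    return host.endswith(TRUSTED_SUFFIXES) and ip in addrs(host)

def spoofed_googlebot_requests(log_text, ptr=system_ptr, addrs=system_addrs):
    """Return (ip, request) for lines whose UA claims Googlebot but fail the check."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and "googlebot" in m["ua"].lower() and not is_verified_crawler(m["ip"], ptr, addrs):
            hits.append((m["ip"], m["req"]))
    return hits

if __name__ == "__main__":
    print(spoofed_googlebot_requests(SAMPLE_LOG, FAKE_PTR.get, lambda h: FAKE_A.get(h, set())))
```

Calling `spoofed_googlebot_requests(log_text)` without the constructed tables uses the system resolver. The third sample line shows why the forward lookup matters: a PTR record alone is controlled by whoever owns the address block.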

       

    • by ls671 ( 1122017 )

      Oh! Also, maybe somebody put those URLs in links on their website either intentionally or by making a typo. Google bot would scan their site, find the link, then query your site to see what it is.

      Anyway, I use mod_security (Web Application Firewall) and just return 403 (deny) to a bunch of bots during the day so the requests are rejected at the reverse-proxy and don't cause unwanted load on the web servers behind the reverse-proxy.

      I block a whole bunch of bots permanently and some such as Google, Bing, Duckd

  • The average US citizen doesn't care about Fancy Bear. Wake me up when Google figures out a way to send warnings to users who have been targeted by a secret subpoena. Maybe a daily newsletter that reads, "You have NOT been the subject of a subpoena" which goes to your junk folder or inbox, depending on warrant status.
  • China for example is not far behind, as far as state-sponsored phishing attacks go, so why is this article only about The Russians? Is Google really only informing users of that specific attack? If so, what about other major attacks? https://www.csis.org/programs/... [csis.org]
  • I really have to wonder about the timing of these attacks.

    Google; give us your cell number so we can make your account safe from hackers.

    Everyone; Oh Hells no. You're not getting our cell numbers.

    Google; Oh look! Russian Hackers are attacking email accounts!!
