Google recently warned 14,000 people that they were targeted in the last month by phishing emails sent by a hacking group with ties to the Russian government, though the company says it automatically detected and defended its users against these messages.
Motherboard reports that Google attributed the phishing attacks to an advanced persistent threat (APT) actor called APT28. The group, which is also known as Fancy Bear, is believed to be responsible for attacks on everything from the Democratic National Committee to people who stayed at hotels throughout Europe and the Middle East.
Google has warned people when they are targeted by state-sponsored attacks since 2012. This week, Google Threat Analysis Group (TAG) head Shane Huntley offered additional commentary about this most recent batch of warnings in a Twitter thread:
The most important point: “What we see over and over again is that much of the initial targeting of government backed threats is blockable with good security basics like security keys, patching and awareness,” Huntley says. Many of these defense mechanisms aren’t prohibitively complicated to implement, and they can defend against many types of threats.
Targets of state-sponsored attacks can also use something like Google’s Advanced Protection Program, as Electronic Frontier Foundation Director of Cybersecurity Eva Galperin advises, to improve their security:
Tech companies have worked to improve user security—whether they like it or not—in recent months as well. Google plans to automatically enroll more than 150 million accounts in two-factor authentication by the end of the year, for example, and Microsoft recently advised its users to replace their passwords with a more secure verification method.
