Russian hackers are not the only set of malicious actors the United States needs to be aware of from a cybersecurity perspective. According to Google’s Threat Analysis Group (TAG), multiple Gmail users affiliated with the U.S. government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February. Fortunately for government officials, the attempted attack was unsuccessful as all of the emails containing phishing links were automatically marked as spam and filtered by Gmail.
“Today, we sent those people who were targeted government backed attacker warnings,” Shane Huntley, director of Google’s Threat Analysis Group wrote on Twitter. “We don’t have any evidence to suggest that this campaign was related to the current war in Ukraine. In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government. 100% of these emails were automatically classified as spam and blocked by Gmail.”
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
When a government sponsored hackers attempt to send a malicious email, users will receive the alert below warning them of a potential attack. According to Google’s support page, attacks happen less than 0.1% of all Google account users.
On March 7th, Google posted an update on the site’s official blog page informing users on the different attack groups backed by foreign governments such as Russia, China and Belarus. One of these groups, known as FancyBear/APT28 is a Russia-backed collective that attempted a phishing attack of their own on a Ukrainian media company by attempting to create a fake Blogspot sign-in page to steal usernames and passwords. A Belarusian hacking group noted as Ghostwriter/UNC1151 also conducted a similar attack against Ukrainian and Polish government and military organizations.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
“All organizations, including government entities, are targets of nation-states and cybercriminals,” said James McQuiggan, security awareness advocate at KnowBe4. “By phishing humans, they look at it as the more accessible way into the systems and infrastructure. Gaining access through a government employee’s email address is easy to bypass the technology and gain entry into the government infrastructure and systems.”
In order to combat these attempted attacks, McQuiggan recommends that businesses remain vigilant in their IT protocols and make employees aware of the potential threats faced by companies from these various harmful actors.
“Organizations must maintain a strong security awareness training program and frequently update employees on the latest attack patterns and phishing emails,” McQuiggan said. “Employees can make the proper decisions to identify potential phishing emails and report them. This action makes for a more robust security culture and allows the organization to work towards being a more substantial asset for the security department.”
In addition to being aware of potential threats, it is important that organizations are investing in the best antivirus software available to create another layer of security. This extra buffer can give both enterprises and its employees peace of mind when it comes to browsing the internet safely and doing business securely.