Google Warns of Russian Hacking Attack on Millions of Gmail Users, Including in Canada

Google has warned millions of its Gmail users about a phishing campaign spearheaded by hackers based in Russia.


In a report published on Monday, the search engine giant said that the attack aims to steal users’ account credentials using fake emails sent to their email addresses.

The campaign targeted over 12,000 Gmail accounts, but the company intervened promptly to stop the malicious messages before they could do any further harm.

Google described the campaign in its first “threat horizon” report – a report on what cybercriminals are up to, produced by Google’s Cybersecurity Action Team.

It has been found that the series of attacks was carried out by “Fancy Bear,” a notorious hacker group supported by the Russian government.

“Fancy Bear … was observed at the end of September sending a large-scale attack to approximately 12K+ Gmail accounts,” researchers wrote. “Google blocked these messages, and no users were compromised.”

Attackers extracted users’ login details using a phishing email, a type of cyber-attack in which cybercriminals use email messages to lure users into clicking malicious links. These messages are typically sent under the subject line “critically security alert” and designed to look as if they come from Google.

The message read:

“There’s a chance this is a false alarm, but we believe that government-backed attackers may be trying to trick you into getting your account password. We can’t reveal what tipped us off because these attackers will adapt, but this happens to less than 0.1 percent of all users. If they succeed, they can spy on you, access your data, or take other actions using your account. We recommend changing your password.”

Users were tricked into clicking a link, which redirected them to a malicious site run by hackers. These websites resembled a Gmail login page, and once the victim got there, the Russian hackers could get what they wanted.

The emails were sent to millions of accounts around the globe but were stopped instantly.

“Highly targeted regions for this particular campaign include the United States, United Kingdom, and India,” they wrote. “Other noteworthy regions include Canada, Russia, Brazil, and members of the European Union.”


Heat map showing the regions targeted by the attackers

Fancy Bear is said to be associated with a military unit working for Russia’s intelligence agency, the GRU. The group is responsible for carrying out state-sponsored hacking campaigns against high-profile targets such as political activists and figures.

Fancy Bear, also dubbed Strontium, previously attempted to cause disruptions in the 2016 US presidential election when it broke into the Democratic National Committee and Hillary Clinton’s campaign.

To prevent phishing attacks, refrain from clicking any links sent from unknown sources. In addition, look out for spelling and grammatical errors to spot a phishing email. Emails with unusual email addresses are also a red flag.