They were targeted with phishing emails, which were automatically classified as spam and blocked by Gmail, ensuring they did not land in the users' inboxes.
The APT28 group, also known as Pawn Storm, Sofacy Group, Sednit, and STRONTIUM, has been active since at least 2007 and has targeted governments, militaries, and security organisations worldwide.
The most common forms of cybercrime they engage in include espionage-related activity and data theft.
Google’s Threat Analysis Group (TAG) detected the campaign and sent out multiple government-backed security warnings in late September. The attack by APT28 was not fully successful, due to Google’s robust Gmail defences.
Shane Huntley, director of TAG, commented that “If you are an activist / journalist / government official or work in NatSec, this warning honestly shouldn’t be a surprise,” going on to say that “At some point, some government-backed entity probably will try to send you something,” while urging users to review account security settings.