Google warns ‘relatively large group’ about phishing by Russian criminals

Google sent “an above-average batch” of alerts to users this week. According to the warnings, state hackers may be trying to take over a user’s Google account. It concerns about fourteen thousand users.

It is not clear how many alerts are sent in a normal week, but according to Shane Huntley, executive of Google’s Threat Analysis Group, “above average” were sent on Wednesday. The increase is due to “a small number of large phishing campaigns that have been blocked,” Huntley writes.

In a statement sent to, among others, Bleeping Computer, Huntley said a campaign by APT28, also known as Fancy Bear and Strontium, was responsible for 86 percent of all warning messages this month. According to this statement, about 14,000 users have been warned.

With such a warning, Google says it has found indications that state hackers are trying to steal users’ passwords. The company can’t tell you what the clues are, because otherwise criminals can find out and adjust their tactics. That’s why the alerts are sent in batches so that attackers don’t know when Google found out about the campaign.

These are phishing emails that are automatically marked as spam by Google and therefore did not end up in users’ inboxes. Users who receive such a warning are advised to join Google’s Advanced Protection Program. APT28 is seen as a hacker division of the Russian military intelligence service GRU. Last year, this group is said to have committed cyber attacks on pharmaceutical companies working on corona vaccines.