Google notified 14,000 Gmail users worldwide who might be at a high risk of compromise due to the Russian Government-backed threat group Fancy Bear aka APT28. It subsequently said it would also be delivering security keys to 10,000 users...

Continue reading
APT28, also known as Fancy Bear, is a government-backed threat group that has been active since 2004. One of their campaigns recently led to Google notifying 14,000 Gmail Users that they might be a potential target. The users targeted are from a wide range of sectors, including journalists, NGOs, and think tank members worldwide.

The objective behind these emails is to warn people about being a potential target; Google has been sending these warnings since 2018. If one is to receive such a warning, prompt action must be taken, including enabling 2FA on one’s account and enrolling in the Advanced Protection Program. This program significantly decreases the number of phishing emails and is further provided with security keys.
A bulk of initial targeting of APT threats can be blocked with security keys and patching. Hence, Google has blocked all phishing emails from the Fancy Bear campaign and are directly sent to the spam folder.
The day following Google’s notification, it released a statement saying it will distribute 10,000 security keys to high-risk users for free of cost in an attempt to keep their accounts safe and increase awareness about their Advanced Protection Program(APP).
Shane Huntley from Google Threat Analysis Group(TAG) gave a statement saying, _“This particular campaign comprised 86% of the batch of warnings we sent for this month.”_ Moreover, the warnings received from Google signify ‘Targeting’ rather than compromise; these are used to alert a potential target for the next attack. One must increase their security measures. Google warns thousands of people every month, but the volume of 14,000 users in this particular campaign is quite alarming.
_"APP brings Google’s strongest security protections together into a holistic program that is constantly upgraded in response to emerging threats. APP is available to all users but is specifically designed for individuals and organizations at higher risk of targeted online attacks, such as elected officials, political campaigns, human rights activists, and journalists"_, said Google in its recent blog post.
service-reset-password-moderate-digital[.]rf[.]gdreset-service-identity-mail[.]42web[.]iodigital-email-software[.]great-site[.]netThroughout these continual alerts, Google aims to inform most individuals to avoid being a viable target by adaptively improving their defenses. And in order to effectively execute that, Google has been recommending everyone to enroll in the Advanced Protection Program for work and personal email.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation