Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Google Blocks Chinese Phishing Campaign Targeting U.S. Government

Google says it has blocked a phishing campaign originating from China and aimed at Gmail users associated with the U.S. government.

Google says it has blocked a phishing campaign originating from China and aimed at Gmail users associated with the U.S. government.

The attacks, Google Threat Analysis Group (TAG) director Shane Huntley said on Tuesday, happened in February and were completely blocked. According to him, TAG has no evidence that these attacks are related to the war in Ukraine.

“In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government. 100% of these emails were automatically classified as spam and blocked by Gmail,” Huntley said.

Also tracked as Zirconium, Judgment Panda, and Red Keres, the Chinese hacking group is known for the targeting of entities in the United States, Canada, and various European countries, including Belarus, Finland, and France. Last year, the group also targeted Russia.

Likely working on behalf of the Chinese government, APT31 was previously observed targeting known vulnerabilities in Microsoft Exchange, and likely acquired and cloned an exploit associated with the NSA-linked Equation Group.

Huntley also said that Google has sent warnings to all users who had their accounts targeted in government-backed attacks, including those who were not the focus of APT31.

Google sends these notifications in batches and not when the attacks are detected, to prevent threat actors from identifying its defensive strategies.

The Internet giant advises all individuals who might be at risk – such as journalists, politicians, activists, executives, and celebrities – to enroll in its Advanced Protection Program for both business and personal accounts.

Advertisement. Scroll to continue reading.

This week, Google also shared information on recent cyberattacks targeting Ukrainian users, including phishing assaults attributed to Russian and Belarusian threat actors, and Ukraine-themed phishing campaigns targeting entities in Europe.

The Internet giant also says that it has observed numerous distributed denial-of-service (DDoS) attacks targeting Ukrainian sites over the past couple of weeks, and that it will continue monitoring activity related to Ukraine and Russia.

Related: China-Linked APT31 Abuses Hacked Routers in Attacks, France Warns

Related: Fresh Warnings Issued Over Abuse of Google Services

Related: Google Fights Phishing With Updated Workspace Notifications

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.