Connect with us

Hi, what are you looking for?


Incident Response

Google Warns Thousands Each Month of State-Sponsored Attacks

Each month, Google sends thousands of warnings to users who might have been targeted in government-backed attacks, even if the attempts have been blocked.

Each month, Google sends thousands of warnings to users who might have been targeted in government-backed attacks, even if the attempts have been blocked.

Highly targeted and more sophisticated when compared to typical phishing attempts, which are mainly focused on financial fraud, these state-sponsored attacks come from dozens of countries worldwide, Google says.

Only an extremely small fraction of Google’s users have received such an alert, and they don’t necessarily mean that accounts have been compromised, but the search giant urges all of those who receive the notification to take immediate action.

 “We hope you never receive this type of warning, but if you do, please take action right away to enhance the security of your accounts,” Google says.

Users are also provided with guidance on how to improve the security of their accounts, but they can choose to dismiss the warning.

The Internet company has been issuing such alerts since 2012, and recently also brought the warnings to G Suite. Thus, administrators receive an alert when the company detects a possible government-backed phishing attempt targeting a user in the admin’s corporate network.

The warnings themselves have evolved over time from simple text messages displayed at the top of recipient’s Gmail page to more prominent banners.

Advertisement. Scroll to continue reading.

Such warnings don’t arrive immediately after the phishing attempt was detected, but are sent periodically, to ensure that the attackers can’t determine the technology that allows Google to detect the attacks.

“We intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies. We have an expert team in our Threat Analysis Group, and we use a variety of technologies to detect these attempts,” Google reveals.

In addition to alerting the user, the web search company informs the law enforcement on the detected attempts, so they can investigate the incidents on their own.

To improve the security of their accounts, all users are advised to enable two-step verification in Gmail. Those who believe they might be targeted by government-backed phishing should also consider enrolling in the Advanced Protection Program, Google underlines.

Related: Google Warns Users of Recent State-sponsored Attacks

Related: Google Offers G Suite Alerts for State-Sponsored Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...