Russian activists and journalists receive Google warnings over nation-state hacking attempts
'It is possible that this is only the tip of the iceberg,' wrote one activist.
Over the last 48 hours, a slew of Russian activists and independent journalists have reportedly received warnings notifying them that "government-backed" hackers may be attempting to illegally access their email inboxes.
According to activist Oleg Kozlovsky, who took to social media to talk about the incident, at least 16 people were targeted. In a list posted to Facebook, the other accounts named were related to political activist Nikolay Kavkazsky, civil rights activist Roman Dobrokhotov and journalist Vera Kichanova.
"It is possible that this is only the tip of the iceberg: those attacks that Google has recognised and could be prevented," Kozlovsky wrote.
One targeted victim, US Bellingcat researcher Aric Toler, posted a warning he received on Twitter. He confirmed the notice was "not a phishing email" and that it was legitimately sent to his inbox by Google. "I'm not the only one," he said in a separate update.
The warning stated: "Government-backed attackers may be trying to steal your password. We can't reveal what tipped us off because the attackers will take note and change their tactics, but if they are successful at some point they could access your data or take other actions using your account."
On Facebook, reportedly after receiving a similar note, Transparency International security consultant Alexey Shlyapuzhnikov wrote: "What exactly do they want to find in the downloaded archive email accounts? And most importantly – what is the ultimate goal of the organisers of the attack? What are they preparing for?"
According to Global Voices Advocacy, which first reported news of the warnings, it is believed that at least three NGOs were targeted by the state-sponsored hackers; however, these targets have not been named at the time of writing.
The identity of the culprit remains unknown; however, the activists suspect the involvement of Russian intelligence or pro-government hackers. Last month, independent news outlet Bellingcat was featured in an investigation by cybersecurity firm ThreatConnect, which found evidence its writers had been targeted by the notorious Fancy Bears group.
Bellingcat has investigated the ongoing case of Malaysia Airlines Flight 17, which was shot down over Ukraine two years ago. Toler told IBTimes UK he "almost certainly" got his warning due to his past reporting. Other warnings, however, may have been phishing attempts, he added, which would match the past known tactics of the Fancy Bears hackers.
ThreatConnect said that between May 2015 and May 2016, a number of people associated with the MH17 investigation came under "sustained targeting by Russian threat actors."
The researchers stated: "These spearphishing attempts consist of a variety of spoofed Gmail security notices alerting the target that suspicious activity was detected on their account. The target is prompted to click a URL resembling a legitimate Gmail security link to review the details of this suspicious activity."
As previously reported, Oleg Kozlovsky was named earlier this year in a separate case involving Russian state-sponsored hacking after his Telegram account was tampered with. After the incident hit the headlines, Telegram founder Pavel Durov said: "It looks like Russia's security services have started pressuring mobile operators."
Google has offered hacking notifications of this nature since 2012, and it bulked up the security on its Gmail service earlier this year.
"[The] warnings are rare but they are critically important," wrote Nicolas Lidzborski, Gmail Security Engineering Lead, in March. "The users that receive these warnings are often activists, journalists, and policy-makers taking bold stands around the world."