Many Hungarian journalists got a warning message from Google that an attack had been set to have access to their messages. Supposedly, APT28, also known as Fancy Bear, was behind the attack. It is a Russian group of hackers, connected to the secret service. Their global campaign had thousands of people as their target, among them journalists and civil activists.
When the victims tried to log in to their email accounts, Google showed an alert of a “government-supported attack”. The chance that attackers working for a state body wanted to hack the accounts were high, but fortunately, the attack was blocked. The identity of the hackers and the methods that were used were not disclosed because otherwise, the hackers would have found out how Google detected and blocked their attack. This could help them change their strategy, writes atlatszo.hu.
Shane Huntley, the leader of Google’s security team, Threat Analysis Group (TAG), wrote on Twitter that on Wednesday-Thursday, an unusually high number of hacks were detected, and they alerted about 14,000 users. This does not mean that all users were hacked if a warning was sent, and the hack was probably blocked. Later, APT28 was named as the hackers. They used phishing to get access to the emails.
Hungarian journalist Tamás Bodoky said that a strong password and multi-step identifications, such as text messages or hardware keys, are useful to those who have become victims because they might become targeted again, and Google may not always be able to stop the hackers, wrote hirklikk.hu.
The journalist also said that the hackers might have tried to gather information for political reasons. He thinks that attacks on journalists have become more frequent recently, or it could be that in the past, these attacks were not spotted.
It is alleged that the hacker group consists of two units of GRU, a part of the Russian military responsible for gathering information.
The group has been known since 2014, and their activity was connected to targeting journalists who wrote articles that the Kreml did not particularly like. They sent threats in the name of the Islamic State, sent malware to companies, leaked emails of the American Democratic Party, but they also leaked messages of French politician Emmanuel Macron.