India, apart from the United States of America and the United Kingdom, was one among the most affected countries that were allegedly targeted by a Russian government-backed APt28/Fancy Bear Gmail phishing campaign, according to a report by Google's Cybersecurity Action Team. The report, a first of its kind, said that Google's Cybersecurity Action Team observed a large-scale attack of a credential phishing campaign targeting more than 12,000 Gmail accounts by this threat actor. Fancy Bear earlier used to target Yahoo! and Microsoft users, the report said. Other countries that were targeted include Canada, Russia, Brazil, and members of the European Union. This is a sign that state-sponsored cyber-attacks are a reality today. Not just in the United States, but as this research shows, closer home in India; it was reported last year by India Today and Times of India that power substations in Maharashtra and Telangana were attacked by Chinese hackers. These attacks on critical infrastructure indicate a paradigm shift in modern warfare. It warrants a massive overhaul of a country’s cyber defense capabilities and a need for more transparency in the process. How exactly did Fancy Bear target users? The attackers were using patterns similar to TAG’s (threat analysis group) government-backed attack alerts to lure users to change their credentials on the attacker’s controlled phishing page. The attackers kept changing the emails’ subject line but attackers used a variation of Critical security alert — Google report (emphasis ours) [caption id="attachment_150951" align="alignnone" width="1467"] Body of the phishing email that users received…
