When Google told users in June that it was going to start warning them about attacks on Gmail accounts that the company believed were coming from state-sponsored groups, it looked like an announcement that only would affect a tiny percentage of the company’s users. Journalists, activists and dissidents seemed like the target base. Now, Google officials say that they have seen a new wave of attacks and has issued warnings to more users as a result.
Google began warning users about state-sponsored attacks on Gmail accounts in June, saying that it had detected a series of attempted attacks by groups that it believed were connected with foreign governments. At the time, most people took that statement to mean that Chinese crews were targeting specific Gmail accounts as part of ongoing cyberespionage campaigns. That may have been the case at the time, but now Google officials say that they have new information about attacks and are beginning to warn thousands of new users that their accounts may be targeted.
A Google official told the New York Times that the company has collected new information about the kinds of attacks that are coming in against its users, and that there has been a step up in attacks coming from the Middle East. Security researchers have said the same thing in recent months, pointing to attacks emanating from Iran and other countries in the Middle East. China often is singled out as the source of most, if not all, of the cyberespionage activity aimed at U.S. interests right now, but they don’t have the market cornered.
Google’s warning in June told users that they might see a statement on their Gmail page or other Google accounts, telling them that if they see the warning, it shouldn’t be taken to mean that their account is compromised.
“If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account,” Google’s Eric Grosse, VP of security engineering, said in a blog post in June.
Some of the users targeted by the attacks from state-sponsored groups are in other countries, including Middle Eastern nations that have gone after their own citizens. Researchers have discovered attacks that have used phishing emails to lure victims into installing a piece of malware or spyware that will monitor their online activities.
Google has not disclosed how it is identifying state-sponsored attacks, but researchers have speculated that one way to accomplish that is by looking at the kind of techniques the attackers are using. High-level state-sponsored groups often are identified by the exploits they use. In many cases, these groups are targeting zero-day vulnerabilities that they either discovered themselves or bought from another group.
“You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored,” Grosse said earlier this year.