Google Workspace government-backed attack warning
ID:google_workspace_government_backed_attack
Data type:Google Workspace
Severity:
High
MITRE ATT&CK:TA0001:T1078
Description
AlphaSOC detected an audit event gov_attack_warning indicating Google has
flagged a user account as potentially targeted by a government-backed actor.
Impact
Accounts flagged for government-backed targeting face heightened risk of credential compromise, targeted phishing, and sustained surveillance. A successful attack can result in account takeover or unauthorized access to sensitive data.
Severity
| Severity | Condition |
|---|---|
High | Google Workspace government-backed attack warning |
Investigation and Remediation
Immediately review the flagged account activity. Isolate the account where feasible, require immediate password and token rotation, and enforce multi-factor authentication. Conduct a broader environment review for lateral movement, and treat the event as a high-priority incident requiring escalation and forensic capture.