[huntsman]

My team at Google is responsible for identifying the users we give these warnings to. Here's what I wrote last year to provide a bit more context: https://security.googleblog.com/2017/03/reassuring-our-users...

The most important point is that this indicates signs of targeting not compromise. Also,like all systems there are false positives especially for security researchers and the similar types but we hope it is a useful indicator to reassess your security posture.

[pimlottc]

Thanks for the extra context. One thing I didn’t see addressed that I’m curious about is how does Google distinguish a “government-backed” attack vs your normal everyday hackers? Is it a function of the specific methods used, the depth and breadth of resources deployed, source ip ranges, or what?

[huntsman]

It's a range of factors. Basically this warning means that what we detected ties in some way to wider activity that looks government backed. There's some border cases, but in practice the targeted campaigns of governments look very different in both technique, volume and targeting to say a widespread cybercrime phishing campaign. It's not a perfect science, but we believe its worth calling out separately the activity that does fall into this bucket.

[Bombthecat]

But Google would tell me if they were successful,right?

Also: should I tell my coworkers what happened?

[huntsman]

If we detected your account was compromised Google would have given you a different notification at that time and forced you to change your password.

[Bombthecat]

Thanks,at least it is something.

I'm really curious what they hoped for though.

I have nothing of interest. I do nothing interesting ( except they get really excited about people working in IT consulting) which probably would be millions by now...

[rjbwork]

Do you have any controversial opinions? Have you ever worked for any governments? How about any weapons or other military contractor companies? Critical IT infrastructure? Could be a number of reason's you're targeted.