My First State-Sponsored Attack

I thought I’d seen it all but today I was stunned by a warning from our friends at Google. This month I’m celebrating the 16th anniversary of my battle against spyware, adware, malware, viruses, Trojans, root kits, zero-day vulnerabilities and more. I’ve had my share of password surfers, phishing emails, denial of service attacks and cease and desist orders but today was a first.

The warning from Google said “We believe state-sponsored attackers may be attempting to compromise your account or computer.”

It started with an Email to a GMail account I rarely use but is connected to many Google tools that I use. The subject line said
“Suspicious sign in prevented”

I normally may have ignored this Email. I tend to be cautious of any official looking Email with links. When moving my over the links they appeared to be legitimate from Google but I still manually entered Gmail.com on another computer to change my password. That’s when Google displayed the banner warning me about a state-sponsored attack. 

Apparently this happens so often that Google has a help page just for this situation. Clicking on the “Protect yourself now” link opened up a page with additional recommendations.

 
Click to view web page

This attack has been identified as “state-sponsored” but I doubt it’s really my first and probably won’t be my last.

I’ve taken appropriate steps to protect my account but I’m still curious about a few things. What in particular identifies this attack as state-sponsored? Even more important, which state is attacking me?