Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries


Google’s Threat Analysis Group (TAG) on Thursday said it’s tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.

The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from “blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear.”

Automatic GitHub Backups

Additionally, Google said it disrupted a number of campaigns mounted by an Iranian state-sponsored attacker group tracked as APT35 (aka Charming Kitten, Phosphorous, or Newscaster), including a sophisticated social engineering attack dubbed “Operation SpoofedScholars” aimed at think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London’s School of Oriental and African Studies (SOAS).

Details of the attack were first publicly documented by enterprise security firm Proofpoint in July 2021.

Other past attacks involved the use of a spyware-infested VPN app uploaded to the Google Play Store that, when installed, could be leveraged to siphon sensitive information such as call logs, text messages, contacts, and location data from the infected devices. Furthermore, an unusual tactic adopted by APT35 concerned the use of Telegram to notify the attackers when phishing sites under their control have been visited in real-time via malicious JavaScript embedded into the pages.

Enterprise Password Management

The threat actor is also said to have impersonated policy officials by sending “non-malicious first contact email messages” modeled around the Munich Security and Think-20 (T20) Italy conferences as part of a phishing campaign to lure high-profile individuals into visiting rogue websites.

“For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government,” Google TAG’s Ajax Bash said.

Products You May Like

Articles You May Like

WeLiveSecurity wins Best Cybersecurity Vendor Blog award!
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
New Attack Technique ‘Sleepy Pickle’ Targets Machine Learning Models
Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

Leave a Reply

Your email address will not be published. Required fields are marked *