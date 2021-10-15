



Google warned this year of a surge in government-sponsored hacker activity, including attacks from Iranian groups targeting British universities.

So far in 2021, the search company has sent more than 50,000 warnings to account owners that they are the target of government-sponsored phishing and malware attempts. Google said in a blog post that this represents a one-third increase over the same period last year, due to an unusually large campaign by a Russian hacking group known as APT28 or Fancy Bear.

However, Google’s post focused on a group linked to Iran’s Revolutionary Guards, known as APT35 or Charming Kitten. This group regularly carries out phishing attacks, such as using email to trick someone into handing over sensitive information or installing malware.

This is one of the groups that confused campaign staff during the 2020 US presidential election cycle, writes Ajax Bash of Google’s Threat Analysis Group. For years, the group has used new technologies to hijack accounts, deploy malware, and spy on the interests of the Iranian government.

In an attack in early 2021, APT35 used a trial-and-error technique to attack websites related to universities in the United Kingdom. Users were directed to view a webinar, and were also asked for a second-factor verification code, which would be sent directly to APT35.

Google did not name the British university, but in July it was reported that the School of Oriental and African Studies (Soas) at the University of London had been targeted by APT35 in early 2021. The attack began with a fake email from a Soas scholar. People attended the webinar and started a series of interactions, in which dummy pages created on the university’s radio website tricked phishing victims into handing over email usernames and passwords. Soas said in July that the attackers had not gained access to personal information or data.

When we noticed the dummy site earlier this year, we immediately fixed it and reported the violation in the usual way, Soas said. We saw how this was done and took steps to further improve the protection of these peripheral systems.

Regarding the attack on the British university, Mr. Bash said: Since 2017, APT35 has relied on this approach for high-value accounts in government, academia, journalism, NGOs, foreign policy and national security. Credential phishing through compromised websites shows that these attackers spend a very long time trying to look legitimate, because they know that it is difficult for users to detect this type of attack.

The blog post details other forms of APT35 attacks. These include attempts to upload spyware to the Google Play store, where Android phone users can purchase apps; impersonating a conference participant to launch a phishing attack; and using a Telegram messaging service bot to send a notification when a user has visited a phishing site. According to Google, Telegram has since dealt with that trick.

