The Google Threat Analysis Group today announced that security researchers are currently tracking more than 270 government-sponsored threat actors operating from more than 50 countries.

This figure includes groups involved in disinformation campaigns as well as cyber espionage, Google said in today’s report.

If the attacks carried out by these groups include phishing emails, Google said it would also send email alerts to targeted Gmail users.

“So far in 2021, we have sent over 50,000 warnings, an increase of nearly 33% since this time in 2020,” said Ajax Bash, an analyst at Google TAG.

“This surge was primarily due to the blocking of an unusually large campaign by a Russian actor known as APT28 or Fancy Bear,” Bash added.

But even if APT28 was the cause of the biggest attack this year, Bash said another group, APT35, was more active. It has also been tracked as Charming Kitten, APT 35, Newscaster, Ajax Security Team, Phosphorus, and Group 83, and this group is believed to be operating under the protection of the Iranian government.

“For years, the group has used new technologies to hijack accounts, deploy malware, and spy on the interests of the Iranian government,” Bash said.

Past attacks have included phishing emails modeled after Munich Security and the Think-20 (T20) Italian Political Conference, and the use of spyware-infested VPNs uploaded to the Google Play store.

In 2021, the group hacked the School of Oriental and African Studies (SOAS) website at the University of London and used it to host phishing kits.

The group then sent an email message containing a link to the hacked site to collect credentials for platforms such as Gmail, Hotmail, and Yahoo.

“Users were instructed to log in and activate the (fake) webinar invitation. The phishing kit also requires a two-factor verification code sent to the device,” Proofpoint said earlier this year. Bash said, referring to the campaign documented in.

Catalin Cimpanu is The Record’s cybersecurity reporter. He previously worked for ZDNet and Bleeping Computer. It has become famous in the industry for its constant investigation into new vulnerabilities, cyberattacks, and law enforcement measures against hackers.

