[TheRecord] Google says it tracks 270 state-sponsored groups based across 50+ countries

The Google Threat Analysis Group said today that its security researchers are currently tracking more than 270 different government-backed threat actors operating from inside more than 50 countries.

The figure includes groups engaged in cyber-espionage operations as well as disinformation campaigns, Google said in a report today.

When attacks performed by these groups include phishing emails, Google said it also sends email alerts to the targeted Gmail users.

“So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020,” Ajax Bash, a Google TAG analyst, said today.

“This spike is largely due to blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear,” Bash added.

Huh. I’ve had security warnings before, but this one just came to me hours after a similar Google alert to my @theatlantic colleague @JamesFallows. Both of us already use Advanced Protection. https://t.co/UptU2rrVIr pic.twitter.com/lk2JTrBLh5

— Barton Gellman (@bartongellman) October 7, 2021

But even if APT28 was responsible for the largest attack this year, Bash said that another group was more active, namely APT35. Also tracked as Charming Kitten, APT 35, Newscaster, Ajax Security Team, Phosphorus, and Group 83, the group is believed to operate under the protection of the Iranian government.

“For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government,” Bash said.

Past attacks included several phishing emails modeled around the Munich Security and the Think-20 (T20) Italy political conferences and the use of a spyware-infested VPN app uploaded on the Google Play Store.

In 2021, the group hacked the website of the School of Oriental and African Studies (SOAS) at the University of London, and used it to host a phishing kit.

The group then went on to send email messages with links to the hacked site to harvest credentials for platforms such as Gmail, Hotmail, and Yahoo.

“Users were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit will also ask for second-factor authentication codes sent to devices,” Bash said, referring to a campaign documented earlier this year by Proofpoint.

The post Google says it tracks 270 state-sponsored groups based across 50+ countries appeared first on The Record by Recorded Future.
