[TheRecord] Google says it tracks 270 state-sponsored groups based across 50+ countries

The Google Threat Analysis Group said today that its security researchers are currently tracking more than 270 different government-backed threat actors operating from inside more than 50 countries.

The figure includes groups engaged in cyber-espionage operations as well as disinformation campaigns, Google said in a report today.

When attacks performed by these groups include phishing emails, Google said it also sends email alerts to the targeted Gmail users.

“So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020,” Ajax Bash, a Google TAG analyst, said today.

“This spike is largely due to blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear,” Bash added.

Huh. I’ve had security warnings before, but this one just came to me hours after a similar Google alert to my @theatlantic colleague @JamesFallows. Both of us already use Advanced Protection. https://t.co/UptU2rrVIr pic.twitter.com/lk2JTrBLh5

— Barton Gellman (@bartongellman) October 7, 2021

But even if APT28 was responsible for the largest attack this year, Bash said that another group was more active, namely APT35. Also tracked as Charming Kitten, APT 35, Newscaster, Ajax Security Team, Phosphorus, and Group 83, the group is believed to operate under the protection of the Iranian government.

“For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government,” Bash said.

Past attacks included several phishing emails modeled around the Munich Security and the Think-20 (T20) Italy political conferences and the use of a spyware-infested VPN app uploaded on the Google Play Store.

In 2021, the group hacked the website of the School of Oriental and African Studies (SOAS) at the University of London, and used it to host a phishing kit.

The group then went on to send email messages with links to the hacked site to harvest credentials for platforms such as Gmail, Hotmail, and Yahoo.

“Users were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit will also ask for second-factor authentication codes sent to devices,” Bash said, referring to a campaign documented earlier this year by Proofpoint.


The post Google says it tracks 270 state-sponsored groups based across 50+ countries appeared first on The Record by Recorded Future.
