New Delhi: Google says it has sent over 50,000 alerts in 2021 to users whose accounts were targeted by government-sponsored phishing or malware attempts, up nearly 33 percent from the same point in 2020.
The company said it deliberately sends these alerts in batches to all users who may be at risk, rather than at the moment it detects the threat, so that attackers cannot track its defense strategies.
“Every day, TAG tracks more than 270 targeted or government-backed attacker groups from more than 50 countries. That means that there is usually more than one threat actor behind the warnings,” it said in a blog post.
The blog post described some of the most notable campaigns the company has disrupted this year from another government-sponsored attacker, APT35, an Iranian group that regularly conducts phishing campaigns against high-risk users.
For years, this group has hijacked accounts, used malware and deployed novel techniques to conduct espionage in line with the interests of the Iranian government, the company said.
In early 2021, APT35 compromised a UK university website to host a phishing kit. Attackers sent email messages with links to this website to collect credentials for platforms such as Gmail, Hotmail and Yahoo!
Users were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit also asked for second-factor authentication codes sent to devices.
APT35 has relied on this technique since 2017, targeting high-value accounts in government, academia, journalism, NGOs, foreign affairs, and national security.
Credential phishing through a compromised website shows that these attackers go to great lengths to appear legitimate, knowing that this type of attack is difficult for users to detect.
Last May, Google discovered that APT35 was trying to upload spyware to the Google Play Store.
The app was disguised as VPN software that, if installed, could steal sensitive information such as call logs, text messages, contacts, and location data from devices.
Google quickly recognized the app and removed it from the Play Store before users had a chance to install it.