By its own account, Google's Threat Analysis Group (TAG) has already sent 50,000 security warnings to users in 2021. The warnings concern potential threats to their accounts from attacks by state-backed hacking groups. This is an increase of around 33 percent compared to 2020.
The security experts attribute the increase mainly to an unusually large campaign by the presumed Russian group APT28, also known as Fancy Bear, Sofacy or Strontium. Last week alone, 14,000 Gmail users were warned of phishing attacks, Google had previously announced. The company also announced that it will distribute 10,000 of its Titan security keys free of charge to particularly vulnerable people.
“Every day, TAG tracks more than 270 targeted or government-backed hackers from over 50 countries. This means that there are typically several actors behind the warnings,” the Google blog post continues.
APT35 in sight
In particular, Google puts the spotlight on APT35, a hacking group allegedly supported by Iran. The group hijacks numerous accounts, deploys malware and spies on users. According to Google, APT35 typically phishes for the credentials of “high-quality accounts”. The targets are people from politics, administration, science, journalism, NGOs, diplomacy and national security.
Among other things, according to Google, the group tried to upload a fake VPN app to the Google Play Store in May 2020. The app was spyware that collects call logs, text messages, contacts and location data. Google detected the app and removed it from the Play Store before anyone could install it. The group is also said to have tried to carry out phishing attacks via the Telegram messenger.
In early 2021, according to Google, APT35 compromised a UK university’s website to host a phishing kit. The attackers sent emails with links to the website to gather credentials for Gmail, Hotmail and Yahoo accounts. Users were asked to log in to activate an invitation to a (fake) webinar.