You are here: Home » Current Affairs » News » National
Business Standard

Google sent 50K warnings to targets of government-backed hackings

Google has said that so far in 2021, it has sent over 50,000 warnings to those whose accounts were the target of government-backed phishing or malware attempts

Google | Hacking | Malware

IANS  |  San Francisco 


has said that so far in 2021, it has sent over 50,000 warnings to those whose accounts were the target of government-backed phishing or attempts, a nearly 33 per cent increase from this time in 2020.

The company said that it intentionally sends these warnings in batches to all users who may be at risk, rather than the moment the company detects the threat itself so that attackers cannot track defence strategies.

"On any given day, TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. This means that there is typically more than one threat actor behind the warnings," the company said in a blogpost.

The blogpost mentioned that some of the most notable campaigns the company disrupted this year from a different government-backed attacker -- APT35 -- an Iranian group, which regularly conducts phishing campaigns targeting high-risk users.

For years, this group has hijacked accounts, deployed and used novel techniques to conduct espionage aligned with the interests of the Iranian government, the company said.

In early 2021, APT35 compromised a website affiliated with a UK university to host a phishing kit. Attackers sent email messages with links to this website to harvest credentials for platforms such as Gmail, Hotmail and Yahoo.

Users were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit will also ask for second-factor authentication codes sent to devices.

APT35 has relied on this technique since 2017 -- targeting high-value accounts in government, academia, journalism, NGOs, foreign policy aand security.

Credential phishing through a compromised website demonstrates these attackers will go to great lengths to appear legitimate -- as they know it's difficult for users to detect this kind of attack.

Last year in May, discovered that APT35 attempted to upload spyware to the Play Store.

The app was disguised as VPN software that, if installed, could steal sensitive information such as call logs, text messages, contacts and location data from devices.

Google detected the app quickly and removed it from the Play Store before any users had a chance to install it.



(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

First Published: Sun, October 17 2021. 16:43 IST