Google reports huge increase of warnings for hacks and disinformation
Google has this year seen a 33% increase in disinformation and hacks that have been so serious that the company’s Threat Analysis Group (TAG) has sent out warnings. The increase is to a big extend due to blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear, Ajax Bash at TAG writes in a blog post.
TAG has this year sent more than 50 000 warnings informing users about disinformation campaigns, government backed hacking and financially motivated abuse.
The company says that one of the most notable campaigns it has disrupted this year from a different government-backed attacker is called APT35, an Iranian group, which regularly conducts phishing campaigns targeting high risk users. This is the one of the groups disrupted during the US election campaign for its targeting of campaign staffers.
”For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government.”
“In early 2021, APT35 compromised a website affiliated with a UK university to host a phishing kit. Attackers sent email messages with links to this website to harvest credentials for platforms such as Gmail, Hotmail, and Yahoo. Users were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit will also ask for second-factor authentication codes sent to devices.”
”APT35 has relied on this technique since 2017 — targeting high-value accounts in government, academia, journalism, NGOs, foreign policy, and national security. Credential phishing through a compromised website demonstrates these attackers will go to great lengths to appear legitimate – as they know it’s difficult for users to detect this kind of attack.”
The APT35 has also attempted to upload spyware to the Google Play Store with an app disguised as VPN software but the company said it was quickly discovered and removed.
The attacks have also been in the form of impersonation of conference officials to conduct phishing attacks. Attackers used the Munich Security and the Think-20 (T20) Italy conferences as lures in non-malicious first contact email messages to get users to respond. When they did, attackers sent them phishing links in follow-on correspondence.
Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.
Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!
We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.
