More than 50K warnings were sent out to government-backed hacks, says Google

Over 50K warnings were sent out to government-backed hacks, says Google

So far since the start of the year, Google’s research group said that it has sent over 50,000 warnings to accounts that are targets of government-backed phishing, malware attempts, and other cyber attacks.

And what’s crazy? This number is nearly a 33-percent increase from this time last 2020. The tech company’s warnings reveal that these government-backed hackers include attacks from an Iranian group whose targets include a UK university.

Read:

Iranian-group regularly does phishing and malware attacks targeting high-risk users

In a blog post, Google’s Threat Analysis Group said that an Iranian government-backed hacking group is executing widespread cyberattacks. The group is also known as APT35 is using a variety of increasingly advanced techniques to trick victims into clicking malicious links.

On any given day, TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. This means that there is typically more than one threat actor behind the warnings,

Google said in a blog post.

Related: Android trojan steals millions from Android users just by clicking a message

Not only that, but the group is also known for other names like Phosphorous, Charming Kitten, and Ajax Security team. The group has been active for many years now. It found its way to international fame after targeting a US presidential campaign last year’s election.

Iranian-group regularly does phishing and malware attacks targeting high-risk users
Iranian-group regularly does phishing and malware attacks targeting high-risk users

In a post titled “Countering threats from Iran,” Google’s TAG says that “APT35, (is) an Iranian group, which regularly conducts phishing campaigns targeting high-risk users. This is one of the groups we disrupted during the 2020 US election cycle for its targeting of campaign staffers.”

Already, the group has “hijacked accounts, deployed malware and used novel techniques to conduct espionage aligned with the interests of the Iranian government.” 

Furthermore, according to Shane Huntley, director of the Threat Analysis Group, “Iran is very affected by how the international community sees it and puts pressure on it.”

APT35 wreaking havoc

Early this year, APT35 breached a website affiliated with a UK university to host a phishing kit. The attackers sent email messages with links to this website to get credentials from different platforms like Gmail, Hotmail, and Yahoo.

The users were then instructed to activate a “fake” invitation to a webinar by logging in. Also, the phishing kit will ask for second-factor authentication codes to devices.

The group has been relying on this technique since 2017 and targeting high-value accounts such as the government, academia, journalism, NGOs, foreign policy, and national security.

Credential phishing via a compromised website has become increasingly widespread because this attack is very difficult for users to detect. And attackers will go to great lengths to seem legitimate.

Additionally, last year in May, Google found out that APT35 attempted to uploaded a spyware in the Play Store. Luckily, Google was quick to detect the app and remove it in the service before any more users fall victim to it.

Right now, the tech company has by far sent more than 50,000 warnings to account holders who had been targeted by this group’s phishing and malware attacks.

More tech news:

Leave a Reply

Your email address will not be published.