Google sent 50,000 alerts to its users on government-backed hackings

Google sends 50K warning notifications to the accounts that got targeted of govt-backed phishing or malware attempts. It is an approximately 33% increased rate from 2020.

Google admitted this crucial action of sending warnings as their planned venture in batches to all the users who might be at risk. This step is to ensure the safety of the users and act as a precaution to identify the threat itself so that the attackers cannot track security artifices.

TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. It means that there is typically more than one threat actor involved in this threatening activity, as declared by the company in a blog post. For years, this suspicious group has seized accounts, stationed malware, and used innovative techniques to administer spying adjusted with the consequences of the Iranian govt, Google said.

This year in the early months, APT35 endangered a website affiliated with a UK university to host a phishing kit. The attackers sent email messages with additional links to the website to yield credentials for platforms such as Gmail, Hotmail, and Yahoo. The users got directions to activate a request to a fake webinar by logging in. The phishing kit will also ask for second-factor authentication codes sent to devices.

APT35 has relied on this technique long back from 2017. They intended to target high-value accounts in government, academia, journalism, NGOs, foreign policy, and national security. Last year in May, Google discovered that APT35 attempted to upload spyware to the Google Play store. The app disguised itself as VPN software. The consequences of installing the app are serious. There are chances that the call logs, messages, contacts, and location data could be easily copied.  Google detected the threat of the app immediately and removed it from the Play Store before any users could install it.