Google Tracks 270 State-Sponsored Hacker Groups From 50 Countries

Google's Threat Analysis Group reported that it is tracking over 270 government-sponsored cybercriminals and has alerted customers 50,000 times.

In a statement released on Thursday, Google's Threat Analysis Group (TAG) said it was monitoring more than 270 government-sponsored cybercriminals from more than 50 countries, and that it had sent approximately 50,000 alerts to customers since the start of 2021 about state-sponsored phishing or malware attempts, according to The Hacker News.

The number of alerts is up 33 percent since 2020, according to the internet giant. The increase is partly down to the blocking of a particularly substantial effort by a Russian actor known as Fancy Bear or APT28, which has become increasingly sophisticated.

Ajax Bash of Google TAG alleged that the group's years of account hijacking, malware deployment, and novel espionage techniques served the interests of the Iranian government.

APT35 (also known as Charming Kitten, Phosphorus, or Newscaster) is an Iranian state-sponsored hacker group that has been disrupted by Google. Its activity includes a sophisticated social engineering attack known as Operation SpoofedScholars, which targeted think tanks, journalists, and professors with the goal of soliciting sensitive information by posing as scholars from the School of Oriental and African Studies at the University of London (SOAS).

Proofpoint, a cybersecurity firm, was the first to publicly expose the attack's details in July 2021.

Malware authors use software masquerading as VPN apps to infect consumers' devices

A spyware-laden VPN app previously uploaded to the Google Play Store has been used in other attacks to siphon sensitive data from affected devices, such as call logs, texts, contacts and location data. APT35 also used a novel tactic: it used Telegram to alert the attackers in real time when phishing sites they control, which include malicious JavaScript, were being viewed.

Another report claims this threat actor impersonated government officials, sending non-malicious first-contact emails themed around the Munich Security and Think-20 (T20) conferences to lure high-profile individuals into visiting malicious websites as part of an elaborate spear-phishing campaign.