Google announced that it sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaigns and warns of a significant increase in the number of alerts compared to the previous year.
“So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020. This spike is largely due to blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear,” wrote Ajax Bash, a Google security engineer from the TAG.
The Google TAG sends warnings in batches to all users who may be exposed to attacks from nation-state actors; the group avoids providing real-time alerts that could allow threat actors to determine the defense strategy implemented by the IT giant.
The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and has targeted governments, militaries, and security organizations worldwide. The group was also involved in the string of attacks that targeted the 2016 Presidential election.
The group operates out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).
Most of APT28’s campaigns leveraged spear-phishing and malware-based attacks.
This specific campaign accounted for 86% of the batch of warnings that the Google team sent out for this month.
Google said it blocked almost all spear-phishing messages sent by the APT28 group to Gmail customers.
Google researchers also warned of intense activity associated with the APT35 group this year; the nation-state group was behind malware-based attacks, account hijacking, and cyberespionage campaigns aimed at gathering intelligence for the Tehran government. In early 2021, the APT35 group compromised a site affiliated with a UK university to deploy a phishing kit used to target Gmail, Hotmail, and Yahoo users.
Threat actors also used malicious apps disguised as legitimate VPN software available on the Google Play Store and third-party platforms to deliver malware between May 2020 and July 2021.
Google shared indicators associated with the hacking activities conducted by the two state-sponsored hacker groups.
(SecurityAffairs – hacking, cyber security)