Google’s Threat Analysis Group (TAG) has sent more than 12,000 warnings to users in 149 countries who were targeted by government-backed attackers. The warnings were sent between July and September 2019.
TAG has analyzed more than 270 targeted or government-backed groups from 50 countries, whose goals include intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyberattacks, or spreading coordinated disinformation.
Cyber Attacks Targeted
TAG observed that more than 90% of users were targeted via “credential phishing emails”, which attempt to obtain account credentials in order to hijack users’ accounts.
One such example is a fake email sent from “Goolge” asking users to secure their account; the phishing email aimed to obtain account login credentials.
Starting in December 2017, TAG observed a series of campaigns from a Russia-nexus threat group called “Sandworm”. Sandworm’s activity particularly targets Ukraine, and its attacks also targeted the 2018 Winter Olympics.
The first campaign targeted South Korea; in that campaign, Sandworm was modifying legitimate Android applications with malware.
Starting in November 2018, Sandworm targeted software and mobile app developers in Ukraine via spear-phishing emails with malicious attachments. By compromising the app developers, Sandworm built a backdoor into legitimate apps.
The good news is that the Google Play Protect team detected the malicious apps at the time of upload, and no users were infected.
TAG also plays a part in tackling disinformation. It observed a campaign that used inauthentic news outlets to disseminate messages promoting Russian interests in Africa.
TAG also identified a campaign targeting the Indonesian provinces of Papua and West Papua with messaging in opposition to the Free Papua Movement, and the associated YouTube accounts were terminated.