Google warns of surge in activity by state-backed hackers

Reading Time: 2 minutes

Google has warned of a surge in activity by government-backed hackers this year, including attacks from an Iranian group whose targets included a UK university.

The search group said that so far in 2021 it had sent more than 50,000 warnings to account holders that they had been a target of government-backed phishing or malware attempts. This represents an increase of a third on the same period last year, Google said in a blogpost, with the rise attributed to an “unusually large campaign” by a Russian hacking group known as APT28, or Fancy Bear.

However, the Google post focused on a group linked to Iran’s Revolutionary Guards, known as APT35, or Charming Kitten, which regularly conducts phishing attacks – where, for instance, an email is used to trick someone into handing over sensitive information or to install malware.

“This is the one of the groups we disrupted during the 2020 US election cycle for its targeting of campaign staffers,” wrote Ajax Bash, from Google’s threat analysis group. “For years this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government.”

The blogpost details other forms of attack by APT35. These include: attempting to upload spyware to the Google Play store, where Android phone users can buy apps; impersonating conference officials to conduct phishing attacks; and using a bot on the Telegram messaging service to notify when users have entered a phishing site, although Google said Telegram had since tackled that ruse.

Read more via The Guardian

Once you're here...