More than 270 government-backed threat actors from over 50 countries has been put on a watch list by Google’s Threat Analysis Group (TAG). Approximately 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.
This brings about a 33% rise from 2020 as the spike stems from “blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear.
Google has also stated that it has disrupted a number of campaigns mounted by an Iranian state-sponsored attacker group tracked as APT35 (aka Charming Kitten, Phosphorous or Newscaster) as well as a sophisticated social engineering attack dubbed “Operation SpoofedScholars” aimed at journalists and professors with the goal of soliciting sensitive information by masquerading as scholars with the University of London’s School of Oriental and African Studies (SOAS)
Past attacks have also been orchestrated by the use of spyware-infested VPN app uploaded to the Google Play Store that, when installed could be leveraged to siphon sensitive information such as call logs, text messages, contacts and location data from infected devices.
The cyber criminals have also been said to impersonate policy officials by sending “non-malicious first contact email messages” modeled around the Munich Security and Think-20 (T20) Italy conferences as part of a phishing campaign to lure high-profile individuals onto visiting rogue websites.