Google’s Threat Analysis Group has already sent 50,000 warnings to users this year that their account is the target of phishing or malware attacks that appear to be state-initiated or supported. That’s a 33 percent increase versus 2020.
Google reports that the increase is mainly due to the large amount of warnings it sent out earlier in October. Then it came to the detection of a number of large phishing campaigns attributed to the Russian group APT28, also known as Fancy Bear and Strontium.
Google’s Threat Analysis Group reports it monitors about 270 such state-backed groups every day. Google’s security department sends alerts in batches to all potentially targeted users, not at the specific time of the attack’s discovery. Google hopes that its strategy will not be traceable by the groups.
The team also highlights some notable attacks from this year and earlier by Iran’s ATP35. For example, the TAG describes an attack by ATP35 in which a British university site was penetrated to distribute a phishing kit from there via an invitation to a webinar.
Phising page of ATP35 on UK university site.