Wed. Dec 1st, 2021

Google reports a disturbing increase in suspected state-sponsored hacks.

Since 2012, Google has been issuing alerts to users if a state-sponsored hacker may be targeting their accounts. “So far in 2021, we have sent over 50,000 warnings, an increase of almost 33% from this time in 2020,” security engineer Ajax Bash wrote in a post on Thursday.

Google blames the increase mainly on the infamous Russian hacker group APT 28, also known as Fancy Bear. A large-scale phishing campaign from the group prompted Google to send 14,000 alerts to users last month.

The warning users can receive.

The warning users can receive.

The other warnings can be traced back to a number of state-sponsored hacker groups that Google has tried to monitor. “In any given day, TAG (the company’s threat analysis team) tracks more than 270 targeted or government-sponsored attacker groups from more than 50 countries,” Bash said. “Thousands of these alerts are sent every month, even in cases where the corresponding attack is blocked.”

His post then discusses how an Iranian state-sponsored hacker group known as APT 35 or Charming Kitten has tried to phish users. One method involves uploading a fake VPN app to the Google Play Store that was designed to steal data from victims’ phones. Fortunately, Google discovered the app and removed it before any users tried to install the malicious program.

Another tactic involved imitating officials at international conferences and sending phishing emails on their behalf. But again, the company disrupted the attacks by “using Google Drive, App Scripts and Sites pages”, which can block or place alerts about suspected phishing attempts.

To protect your account from state-sponsored hackers, consider the company’s free Advanced Protection Program. It represents Google’s highest security system for user accounts and requires everyone who logs in to provide both the correct password and a security key or a relevant smartphone to gain access.

If the program seems too restrictive, consider enabling two-factor authentication. Google plans to automatically enable the security setting for 150 million users later this year.


Leave a Reply

Your email address will not be published. Required fields are marked *