Google tracks more than 270 state-backed threat actors

Google’s Threat Analysis Group (TAG) announced they are currently tracking more than 270 state-backed threat actors from over 50 countries. They have alerted their customers of more than 50,000 attempted of state-sponsored phishing or malware attempts, in 2021.

Russian and Iranian threat actors

So, Google’s blog post discusses how the internet giant has seen a 33 percent increase in warnings from 2020. The increase came mainly from an unusually large campaign which Russian actors launched. These actors are known as APT28 or Fancy Bear.

Google revealed revealed this week that it disrupted a number of campaigns by Iranian state-sponsored attackers, too. This also included one aimed at journalists, professors, and think tanks. The Iranian group, tracked as APT35, called this “Operation SpoofedScholars.” Apparently, its aim was to ask for sensitive information. So, the attackers masqueraded as scholars with the University of London’s School of Oriental and African Studies (SOAS).

Proofpoint documented an attack

The enterprise security firm, Proofpoint was first to document the large-scale attack occurred in July 2021. The attackers managed to carried out by uploading a spyware-infested VPN app to the Google Play Store. When installed, this app could extract sensitive information from the device, such as call logs, text messages, contacts, and location data.

The threat actor sent “non-malicious first contact email messages” to high-profile individuals as part of a phishing campaign. Their goal was to have unsuspecting victims visit rogue websites.

“For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government,” Google TAG’s Ajax Bash said.

The interest of the state-backed actors seems to increase in this kind of attacks. More than one year ago, the NSA teamed with of NCSC, CSE, DHS CISA and issued an advisory regarding the activity of a Russian Intelligence Service group. This one received the name “CozyBear” APT29 or “The Dukes”.