Google’s Threat Analysis Group (TAG) has revealed that from July to September 2019, it sent more than 12,000 warnings to users across 149 countries telling them that they had been targeted by government-backed attackers. Google’s TAG works to counter targeted and government-backed hacking against Google and its users.
According to a pictorial representation of the warnings sent across the globe, around 500 users in India were targeted by government-backed attackers.
A blog post by Shane Huntley from TAG stated that these numbers are consistent (+/-10%) with the number of warnings sent in the same period of 2018 and 2017.
Some of the countries that saw around 1,000 government-backed phishing targets included the US, Pakistan, Vietnam, Laos and South Korea. Countries such as Canada, Saudi Arabia, Iran, Turkey, Egypt, Japan, Nigeria and Bangladesh, among others, saw around 500 or more targets.
TAG reportedly tracks more than 270 targeted or government-backed groups from more than 50 countries. “These groups have many goals including intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyber-attacks, or spreading coordinated disinformation. We use the intelligence we gather to protect Google infrastructure as well as users targeted with malware or phishing,” Shane said in the blog.
Over 90% of these users were targeted via “credential phishing emails”, which mostly attempt to obtain the password or other account details of the target with the intention of hijacking their account.
According to Google, journalists, human rights activists, and political campaigns are high-risk users.
“We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enrol in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts,” Shane wrote.
Outlining how an attacker could send a phishing email, Google says that a security alert lure could be sent from “Goolge”, suggesting the user secure their account. A user who falls for the lure may click the link and enter their password, allowing the attacker to access their account.
This assumes significance after it came to light around a month ago that journalists and human rights activists in India were targeted using spyware that infected WhatsApp in May 2019.
WhatsApp had sued the NSO Group, an Israeli tech company, in an American federal court for using its platform for conducting surveillance. The lawsuit said that malicious software named Pegasus was designed and used to infect about 1,400 specifically targeted devices. Notably, the NSO Group has described itself as providing ‘authorized governments with technology that helps them combat terror and crime’.