According to Google, it delivers these warnings in batches to all users who may be at risk, rather than immediately after it detects a threat, so that attackers cannot follow defence measures.
Google disclosed that over 50,000 warnings have been delivered to users whose accounts have been the target of government-backed phishing or malware attempts so far in 2021, a nearly 33 percent increase from the same period in 2020.
According to Google, it delivers these warnings in batches to all users who may be at risk, rather than immediately after it detects a threat, so that attackers cannot follow defence measures.
Google said in a blogpost “On any given day, TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. This means that there is typically more than one threat actor behind the warnings,”
Google revealed in its blogpost that it has disrupted some of the most notable campaigns this year from a different government-backed attacker – APT35, an Iranian gang that regularly conducts phishing campaigns targeting high-risk customers.
Google noted that this group has been hijacking accounts, deployed malware, and employed creative ways to undertake espionage in support of the Iranian government for years.
By logging in, users were asked to activate an invitation to a (fake) webinar. In addition, the phishing kit will request that second-factor authentication codes sent to devices.