Connect with us

Hi, what are you looking for?



Google Sees Drop in Government-Backed Phishing Attempts

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems.

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems.

For several years, the company has been alerting users when identifying accounts that appear to be targeted by state-sponsored attackers, and in 2019 it sent nearly 40,000 such warnings. The number, however, represents a 25% decline compared to 2018.

“One reason for this decline is that our new protections are working—attackers’ efforts have been slowed down and they’re more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt,” Google says.

The countries targeted the most in 2019 include the United States, South Korea, India, Pakistan, and Vietnam, each with more than 1,000 targeted users.

In recent months, the Internet giant observed an increase in the number of attackers who impersonate news outlets or journalists, and says that even adversaries from Iran and North Korea are adopting this tactic.

The threat actors would impersonate a journalist to seed false stories with other reporters and spread disinformation, or would send benign emails to build trust with a journalist or foreign policy expert, and then send a malicious attachment, Google notes.

Foreign policy experts are often targeted by state-sponsored threat actors for their research, for access to organizations, or to connect with researchers or policymakers for subsequent attacks. Government-backed attackers mainly focus on geopolitical rivals, government officials, journalists, dissidents and activists.

Advertisement. Scroll to continue reading.

According to Google, targeted accounts are usually hit multiple times, and this has happened to one in five accounts that received warnings in 2019. The attackers launch multiple attempts using different lures and accounts, or try to compromise an associate of their target if the initial attempt fails.

Some of the attacks leverage zero-day vulnerabilities, which increases their chances of success. Although they make up a small number of the overall state-sponsored phishing attempts, these attacks are considered particularly dangerous.

Targeted zero-day vulnerabilities are immediately reported to vendors, with a 7-day grace period to deliver a patch or produce an advisory, after which the Internet giant makes information on the vulnerability public.

In 2019, zero-day vulnerabilities were discovered in Android, Chrome, iOS, Internet Explorer and Windows, and Google identified a single threat actor capitalizing on five such security flaws.

“Finding this many zero-day exploits from the same actor in a relatively short time frame is rare. […] The majority of targets we observed were from North Korea or individuals who worked on North Korea-related issues,” Google says.

Vulnerabilities that Google’s security researchers discovered last year include ones affecting Internet Explorer – CVE-2019-0676, CVE-2019-1367, and CVE-2019-1429; Chrome – CVE-2019-5786; and the Windows kernel – CVE-2019-0808.

Related: Google Shares Data on State-Sponsored Hacking Attempts

Related: Google Warns Users of Recent State-sponsored Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.