CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Google Sees Drop in Government-Backed Phishing Attempts

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems.

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems.

For several years, the company has been alerting users when identifying accounts that appear to be targeted by state-sponsored attackers, and in 2019 it sent nearly 40,000 such warnings. The number, however, represents a 25% decline compared to 2018.

“One reason for this decline is that our new protections are working—attackers’ efforts have been slowed down and they’re more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt,” Google says.

The countries targeted the most in 2019 include the United States, South Korea, India, Pakistan, and Vietnam, each with more than 1,000 targeted users.

In recent months, the Internet giant observed an increase in the number of attackers who impersonate news outlets or journalists, and says that even adversaries from Iran and North Korea are adopting this tactic.

The threat actors would impersonate a journalist to seed false stories with other reporters and spread disinformation, or would send benign emails to build trust with a journalist or foreign policy expert, and then send a malicious attachment, Google notes.

Foreign policy experts are often targeted by state-sponsored threat actors for their research, for access to organizations, or to connect with researchers or policymakers for subsequent attacks. Government-backed attackers mainly focus on geopolitical rivals, government officials, journalists, dissidents and activists.

According to Google, targeted accounts are usually hit multiple times, and this has happened to one in five accounts that received warnings in 2019. The attackers launch multiple attempts using different lures and accounts, or try to compromise an associate of their target if the initial attempt fails.

Advertisement. Scroll to continue reading.

Some of the attacks leverage zero-day vulnerabilities, which increases their chances of success. Although they make up a small number of the overall state-sponsored phishing attempts, these attacks are considered particularly dangerous.

Targeted zero-day vulnerabilities are immediately reported to vendors, with a 7-day grace period to deliver a patch or produce an advisory, after which the Internet giant makes information on the vulnerability public.

In 2019, zero-day vulnerabilities were discovered in Android, Chrome, iOS, Internet Explorer and Windows, and Google identified a single threat actor capitalizing on five such security flaws.

“Finding this many zero-day exploits from the same actor in a relatively short time frame is rare. […] The majority of targets we observed were from North Korea or individuals who worked on North Korea-related issues,” Google says.

Vulnerabilities that Google’s security researchers discovered last year include ones affecting Internet Explorer – CVE-2019-0676, CVE-2019-1367, and CVE-2019-1429; Chrome – CVE-2019-5786; and the Windows kernel – CVE-2019-0808.

Related: Google Shares Data on State-Sponsored Hacking Attempts

Related: Google Warns Users of Recent State-sponsored Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...