Connect with us

Hi, what are you looking for?



Google Shares Data on State-Sponsored Hacking Attempts

Google’s Threat Analysis Group (TAG) this week shared some data on government-backed hacking and disinformation attempts targteting its customers.

Google’s Threat Analysis Group (TAG) this week shared some data on government-backed hacking and disinformation attempts targteting its customers.

Google has been alerting users of state-sponsored hacking attempts for several years and it has sent out thousands of warnings every month.

In a blog post published on Tuesday, Shane Huntley of Google TAG revealed that more than 12,000 warnings triggered by state-sponsored phishing attempts were sent out to users across 149 countries in the third quarter of 2019. The company says the number of warnings has remained roughly the same as it was in the same period of 2017 and 2018.

The United States was the number one target of these types of attempts in the third quarter of 2019, followed by Pakistan.

Distribution of government-backed phishing targets in Q3 (Jul-Sep 2019)

Over 90 percent of these attacks involved attempts to convince users to hand over their account credentials, including two-factor authentication codes, which would allow the attacker to take control of the targeted account.

Google provides a service named Advanced Protection Program (APP), which high-risk users such as journalists and rights activists can leverage to better protect their accounts through the use of hardware security keys.

Google’s TAG has been monitoring the activities of over 270 threat groups that have launched targeted attacks or government-backed campaigns. Their operations have been aimed at entities in more than 50 countries, and their goal was mainly to gather intelligence, steal intellectual property, launch destructive attacks, track activists and dissidents, or spread false information.

Advertisement. Scroll to continue reading.

One of these groups is the Russia-linked Sandworm, which in the past years uploaded or attempted to upload several malicious Android apps to the Google Play Store. Some of these applications targeted users in South Korea and Ukraine.

As for the disinformation campaigns it has targeted recently, Google mentioned a Russia-linked influence operation aimed at several countries in Africa, and a campaign targeting Indonesia’s Papua and West Papua provinces.

Related: Google Took Down 2.3 Billion Bad Ads in 2018

Related: Google Warns Users of Recent State-sponsored Attacks

Related: Google Offers G Suite Alerts for State-Sponsored Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...