Google has released the number of nation-state backed cyber threat actors it is currently tracking, and it isn’t pretty. It tracks some 270+ groups across some 50 nation states.
The Google Threat Analysis Group (TAG) revealed last week the number of state-backed cyber threat actors it actively monitors.
The company revealed that its researchers are currently tracking more than 270 government-backed threat actors from 50 countries.
The figure includes groups engaged in both cyber-espionage operations and disinformation campaigns, Google said in the report.
On any given day, TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. This means that there is typically more than one threat actor behind the warnings.
While that statistic alone is mind-boggling, the company also put a spotlight on APT35, an Iran-backed cyber threat actor. This group has hijacked accounts, deployed malware, and spied on users using “novel techniques” in recent years. More on that group below.
Google reveals phishing trends for 2021 – and what it does about them
When attacks performed by these groups include phishing emails, Google said it sends email alerts to the targeted Gmail users.
So far in 2021, Google has sent over 50,000 warnings to email addresses that have been the subject of a phishing attack.
Google also stated that this amounted to a nearly 33% increase when compared to the same time last year. This increase is attributable to a large campaign launched by the Russian-sponsored Fancy Bear outfit. U.S. and UK agencies found that Fancy Bear had been on a worldwide password-guessing spree since mid-2019.
Cyber threat actor group “APT35” gains notoriety
While analysts often note APT28 as the group to watch, Google said that another group was just as important: APT35.
Also known as “Charming Kitten”, APT 35, Newscaster, Ajax Security Team, Phosphorus, and Group 83, the group operates under the protection of the Iranian government.
“For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government,” a Google analyst said.
Past attacks included several phishing emails modelled around the Munich Security and the Think-20 (T20) Italy political conferences and the use of a spyware-infested VPN app uploaded to the Google Play Store.
In 2021, the group hacked the website of the School of Oriental and African Studies (SOAS) at the University of London, and used it to host a phishing kit.
The group then went on to send email messages with links to the hacked site to harvest credentials for platforms such as Gmail, Hotmail, and Yahoo.
APTs: The advanced sort of cyber threat actors
“APT” stands for “Advanced Persistent Threat”.
By definition, APT groups are advanced cyber actors using sophisticated techniques to target victims.
Cyber threat actors conduct espionage operations to steal sensitive data, such as intellectual property or military intelligence, which can lead to significant competitive advantages in the geopolitical and economic spheres. In many cases, nation-states sponsor these groups to conduct operations.
While nation-states can utilise cyber actors for various ends, APT groups frequently engage in espionage activities, which are long-running and stealthy.
COVID-19 and the cyber threat intelligence landscape
Google noted in its update last week that COVID-19’s impacts have continued to drive the threat landscape.
Early on in the pandemic, cyber actors leveraged the fear, uncertainty, and doubt surrounding the virus to unleash phishing campaigns.
Since then, threat actors have leveraged the shift to remote working to target organisations by exploiting vulnerabilities in telework technologies. They have also exploited already-strained bandwidth with Distributed Denial of Service (DDoS) attacks.
Finally, as the pandemic continued, health care providers were increasingly targeted, followed by vaccine-related research entities.