This week Google announced they sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. This is a 33% increase from similar reports last year. Google stated the most prominent threat actors were the Russian-backed APT28 (aka Fancy Bear) hacking group linked to the GRU Russian military intelligence agency and APT35 (aka Charming Kitten), an Iranian threat actor. Every phishing email launched by the Fancy Bear campaign was blocked by Google. Meanwhile, APT35 made several attempts to hijack accounts, deploy malware, and coordinate espionage campaigns to collect confidential info for the Iranian government. Google also observed the Iranian backed group try to deliver spyware onto potential victims’ smartphones.
These warnings should be taken very seriously. Multi-factor authentication (MFA) should be enabled on all Google accounts. Google recommends enrolling in their Advanced Protection Program, which safeguards users with high visibility and access to sensitive information who are at risk of targeted online attacks. The program automatically updates and adds new protections to defend against a wide array of attacks.