This week Google announced that it sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. This is a 33% increase from similar reports last year. Google stated that the most prominent threat actors were APT28 (aka Fancy Bear), a Russian-backed hacking group linked to the GRU, Russia's military intelligence agency, and APT35 (aka Charming Kitten), an Iranian threat actor. Google blocked every phishing email sent in the Fancy Bear campaign. Meanwhile, APT35 made several attempts to hijack accounts, deploy malware, and coordinate espionage campaigns to collect confidential info for the Iranian government. Google also observed the Iranian-backed group trying to deliver spyware onto potential victims’ smartphones.