Ajax Bash, an analyst with Google's Threat Analysis Group (TAG), announced on Thursday that since the beginning of 2021 the group has been tracking more than 270 government-backed threat actors from more than 50 countries and has delivered 50,000 warnings to users about state-sponsored malware. Thousands of these warnings are sent every month, even in cases where the corresponding attack was blocked.
Google reported that the figure covers organisations involved in both cyber espionage and disinformation activities. In 2021, one such group hacked the website of the School of Oriental and African Studies (SOAS) at the University of London and used it to host a phishing kit.
In these attacks the group sent email messages with links to the hacked site in order to harvest credentials for Gmail, Hotmail and Yahoo accounts. Google later alerted the Gmail users who were being targeted.
According to Bash, another group, APT35 (also known as Charming Kitten, Newscaster, Ajax Security Team, Phosphorus and Group 83), was more active. Its operations include a social engineering campaign dubbed "Operation SpoofedScholars", aimed at think tanks, journalists and professors, with the goal of obtaining sensitive information by impersonating scholars from SOAS.
Use the company's free Advanced Protection Program to secure your account against state-sponsored attackers. It is Google's most secure account configuration, requiring anyone signing in to provide both the correct password and a security key to gain access. Later this year, Google plans to automatically enable the security setting for 150 million users.
As part of a phishing campaign designed to lure targets into visiting malicious websites, the threat actor is believed to have impersonated policy officials by sending "non-malicious first contact email messages" modelled on the Munich Security Conference and the Think-20 (T20) Italy conference.
Bash concluded by noting that a campaign documented by Proofpoint earlier this year worked by getting users to accept an invitation to a fake webinar. The phishing kit also asks for the second-factor authentication codes sent to the victims' devices.
Google's Threat Analysis Group will continue to identify bad actors and share relevant information with others in the industry, with the goal of raising awareness of these issues, protecting users and fighting bad actors to prevent future attacks.
Indicators of Compromise:
Indicators from APT28 phishing campaign:
Indicators from APT35 campaigns:
Abused Google Properties:
Abused Dropbox Properties:
Android App C2: