NEW DELHI: Google’s Threat Analysis Group (TAG) which has been on tracks of over 270 government-backed cyberattacker groups from more than 50 countries detected phishing and hacking attempts on Google accounts of 50 to 100 individuals in India in April. The individuals have been informed by Google about the attacks.
Google didn’t reveal names of the cybercriminal organisations and which states they were believed to be linked to.
A total of 1,755 such warnings were issued by Google across the world to individuals, whose Google accounts were targets of government-backed cyberattackers. The highest number of attacks were detected in the US, with over 200 individuals being targeted by state-backed attackers.
Google also noticed a resurgence in covid-19 themed hacking and phishing attempts being used by both commercial and government-backed attackers.
In September 2019, Google had warned some 500 Indians out of the 12,000 people across 149 countries who were targets of government backed attackers between July and September.
According to Google, government-backed or state-sponsored attacker groups have different objectives. While some are after intelligence or intellectual property, others are targeting dissidents or activists.
Russia, North Korea, Iran and China are some of the countries that have been suspected of funding and using various cybercriminal organisations resources to carry out cyberattacks targeting prominent individuals and key government infrastructure of countries they are not on good terms with.
North Korea is believed to be behind the notorious Lazarus group which was responsible for Sony data breach and the WannaCry ransomware attack. Russia has been linked with the cyberattack targeting the telecast of the opening ceremony of Winter Olympics in 2018 after the Russian team was banned over doping allegations.
Google TAG team also found that the hack-for-hire firms, many of which were based in India, have been creating fake Gmail accounts using names of global organisations such as WHO to target business leaders of finance, consultancy, and healthcare corporations located in the US, UK, Canada and India. These emails used links to wean targets to malicious websites with fake login pages and then prompt them to give up their Google account credentials.