Google Sends At Least 50,000 Warnings To Users At Risk Of Government-Backed Phishing Attack

Google has issued more than 50,000 alerts to its users who are at risk of a government-backed phishing attack this year.

The search engine giant's Threat Analysis Group (TAG) is behind these warnings. According to the organization's blog post published Thursday, the alerts inform users that their accounts could be among the targets of the reported phishing and malware attack carried out by several hacker groups.

TAG revealed the number of warnings issued this year has been 33% higher than last year's figure. The group explained this increase is caused by its move to combat the APT28 or Fancy Bear. The APT 28 is a Russian actor that carried out an unusually large malware and phishing campaign.

It is worth noting, however, not all the recipients of these alerts are actually under attack. Instead, some could be potential targets of the phishing campaign, Google clarified as per Gizmodo.

Google also made it clear that sending at least 50,000 warnings is part of the company's defense strategies. Apparently, TAG detected that the state-sponsored attack is going out to more than 50 countries across the globe.

TAG currently tracks more than 270 government-backed attacker groups behind the malware and phishing campaign. It means there's more than one actor behind it.

One of the cyber attack groups TAG has been keeping an eye on is the APT35. Backed by Iran, this collective has allegedly been launching high-scale cyber attacks using novel techniques for many years. It reportedly targets "high-value accounts" or those who are connected to government agencies, journalism groups, nonprofit organizations and those who work in national security.

Cyber attackers under this group reportedly pretend to be legitimate representatives from organizations during actual events. They start their attacks by deploying non-malicious first contact emails. Those who respond to the hackers in disguise are then sent emails that contain phishing links.

Just this year, the APT35 hijacked a website affiliated with a university in the U.K. The hackers reportedly lured its victims by sending them an invite to a fake webinar. They also managed to transmit second-factor identification codes to their targets' devices.

Since 2012, Google has been warning users about these kinds of attacks. The company even redesigned its alert system and added potential attack vector information in 2017, reported Bleeping Computer.