Google Warn Users of Government-Sponsored Attacks

Advisory ID:
October 16, 2021


Google's Threat Analysis Group (TAG) has revealed that it is monitoring over 270 government-backed threat actors from over 50 countries. Since the beginning of 2021, the tech giant has sent approximately 50,000 alerts to customers about state-sponsored phishing or malware attempts.

Description & Consequence

Google discovered activities used by government-backed attackers to steal a password or other personal information. Such activity includes receiving an email with a malicious attachment, links to malicious software downloads, or links to fake websites designed to steal passwords.

Additionally, Google has also revealed that it disrupted a number of campaigns mounted by an Iranian state-sponsored attacker group tracked as APT35 (aka Charming Kitten, Phosphorous, or Newscaster), including a sophisticated social engineering attack dubbed "Operation SpoofedScholars" aimed at think tanks, journalists, and professors with the goal of soliciting sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies (SOAS).

Other past attacks involved the use of a spyware-infested VPN app uploaded to the Google Play Store that, when installed, could be leveraged to siphon sensitive information such as call logs, text messages, contacts, and location data from the infected devices.

Furthermore, an unusual tactic adopted by APT35 concerned the use of Telegram to notify the attackers when phishing sites under their control have been visited in real-time via malicious JavaScript embedded into the pages.

Successful exploitations allow attackers to hijack accounts, deploy malware, conduct espionage as well as steal sensitive information such as call logs, text messages, contacts, and location data from the infected devices.


To get a step ahead of attackers, members of the public are advised by Google to take these extra steps to better secure your account and computer:

  1. Enroll in Google’s Advanced Protection Program. This protects you against common ways people hijack your account, like getting your emails, documents, contacts, and other personal information.
  2. Always use up-to-date software. This includes your Internet browser, operating system, plugins, and document editors.
  3. Enable 2-step verification in Gmail.This feature sends a second password to your phone, giving you an extra layer of security that has been successful in protecting against some attacks.
  4. Install Google Authenticator. If you've enabled 2-step verification, we strongly recommend also installing the Authenticator app to receive codes when you don't have an internet connection or mobile service.
  5. Install Password Alert in Chrome. This free and open-source Chrome extension tries to alert you immediately if you reuse your password or enter it on a fake login page.
  6. Remove unwanted pop-ups and other malware. If you keep seeing pop-ups, ads you don't recognize, or a homepage you didn't set, you might have an unwanted program called malware on your computer.





Related Articles