Google warns thousands they were targets of government hackers. Many of those alerted are based in ... [+]
In just three months, Google sent out 12,000 warnings to people they suspected had been the target of a government-backed hacking attempt.
Data from Google’s Threat Analysis Group showed that between July and September this year, it warned users across 149 countries that they were targeted by government-backed attackers. Most were based in America and 90% were targeted with phishing emails trying to steal users’ login details for Google accounts.
Whilst the numbers sound alarming, it didn’t appear that nation state hackers had stepped up the level of attacks. Google said the data was consistent with the number of warnings sent in the same period of 2018 and 2017.
Google recommends high-risk users like journalists, human rights activists and political campaigns to sign up for its Advanced Protection Program (APP). It bundles secret keys onto USB and Bluetooth devices that the user will connect to their device after entering a password for their Google account. Unless an attacker has access to that physical key, even if they have your password, they can’t get into the account.
The same kind of protection is available to the average user who isn’t targeted by nation states but who is particularly concerned about their privacy and security.
Govs hack Androids
Google’s TAG team has been tracking myriad other government-sponsored hackers, most notably a group dubbed Sandworm. Believed by the US government to be a Russian-backed crew responsible for the catastrophic NotPetya ransomware attacks of 2017, Sandworm was targeting Android users in November 2018.
Notably, Google found Sandworm hit mobile app developers in Ukraine with phishing emails containing malicious attachments. With those attacks, the group hacked a developer with several published Play store apps, one with more than 200,000 downloads. They then tried to install a backdoor in one of the apps but Google caught it before the rogue software was made available on the Play store.
As Google researchers Neel Mehta and Billy Leonard revealed at the CYBERWARCON event in Washington D.C. last week, developers of everyday apps popular in Ukraine like local bus timetables and secure email apps were attacked by Sandworm, were attacked by Sandworm. The hackers' Android tools had various malicious features, including the ability to spy on GPS locations and raid files.
