Many agencies like APT35 have been targeting high-value accounts, such as those of NGOs, foreign and national security groups, and governments.
Google’s Threat Analysis Group (TAG) is warning high-risk groups about an increase in government-backed hacking campaigns. Google said that, so far, it has sent out more than 50,000 warnings to people who have been targeted by government-backed phishing or malware attempts. This year, targeting activity by government-backed hacking campaigns has surged, up by over 33% compared to the same period last year.
TAG is an organization that tracks fraudsters involved in disinformation campaigns, government-backed hacking, and financially motivated abuse, and it sends people a warning if it discovers that their account was targeted. It said that the increase is due in part to a campaign by a Russian hacking group known as APT28, or Fancy Bear, as well as by Iran’s Revolutionary Guards, known as APT35, or Charming Kitten.
In early 2021, APT35 compromised a website affiliated with a UK university to host a phishing kit. The attackers sent emails with links to this website to harvest the credentials of the students. The phishing kit was advanced enough that it also asked for the two-factor authentication codes sent to the victims' devices.
Many government-backed agencies like APT35 have relied on this technique since 2017. Last year, Google also discovered that APT35 attempted to upload spyware to the Google Play Store, disguised as a VPN app, that could steal sensitive information such as call logs, text messages, contacts, and location data from devices. However, the spyware was detected quickly and removed before any major hack occurred.