Between July and September 2019, Google sent warnings to 101-500 Indian Google users that they had been targeted by government-backed attackers, the company’s Threat Analysis Group (TAG) reported on November 26. For the period, Google sent out more than 12,000 warnings in 149 countries, roughly the same as it did in the same period of 2018 and 2017.

The number of users is not certain because Google released the information in the form of a visual.

Which countries’ citizens were targeted the most? Americans were targeted the most, with Google sending warnings to more than 1,000 users. This was followed by users in Vietnam, South Korea and Pakistan, where between 501 and 1,000 users were warned.

Modus operandi: Google said that over 90% of these users were targeted using “credential phishing emails”, that is, emails sent to targets from “Goolge” or other similarly made-up companies, asking them for their password or other account credentials to secure their accounts. Once the user clicks the malicious link and enters their password, the attacker can access their account.
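A mail filter can catch sender names like “Goolge” by measuring how close each word in the From header is to a protected brand name. The sketch below is an added example, not Google's or TAG's code; the brand list, the distance threshold and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

BRANDS = {"google"}  # assumed list of names worth protecting


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "lg" typed for "gl".
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike(token, brands=BRANDS, max_dist=2):
    """Return the brand a token imitates, or None if exact or unrelated."""
    token = token.lower()
    for brand in brands:
        if token != brand and osa_distance(token, brand) <= max_dist:
            return brand
    return None


def check_sender(from_header):
    """List (token, brand) pairs for near-miss names in a From header."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    tokens = display.split() + domain.split(".")
    return [(t, lookalike(t)) for t in tokens if lookalike(t)]


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real campaign.
    for hdr in ('"Goolge Security Team" <no-reply@goolge.example>',
                '"Google" <no-reply@accounts.google.com>'):
        print(hdr, "->", check_sender(hdr) or "no lookalike")
```

An exact brand match passes this check by design, so it only complements sender authentication (SPF, DKIM, DMARC); it does not replace it.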

What does Google advise? Google has advised its high-risk users, such as journalists, human rights activists and political campaigns, to enroll in its Advanced Protection Program, under which a password alone isn’t enough to log into an account; the user would also need a physical security key.

Did the governments target their own citizens? At this stage, it is not clear if users were targeted by their own governments or governments of other countries. Google gave the example of campaigns from a Russian-nexus threat group “Sandworm” (aka “Iridium”) that has targeted users in Ukraine, South Korea and also attacked the 2018 Winter Olympics. We have reached out to Google for clarification.

  • In light of recent revelations that about two dozen Indian journalists and human rights activists were targeted using Israeli spyware called Pegasus, a spyware that the creator company NSO Group claims is only sold to governments and law enforcement agencies, it is concerning that the Indian government might be targeting its own citizens.

What does TAG do? As per Google, TAG tracks more than 270 targeted or government-backed groups from more than 50 countries that are involved in intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyber attacks, or spreading coordinated disinformation.