Google’s Threat Analysis Group detected and blocked 1 AdSense account and 11 YouTube channels linked to a pro-Qatar influence network based in India this March, the company said in a bulletin on May 27. The company also said that it notified between 51 and 100 users in India that their accounts were being targeted by state-sponsored attackers in April. Between July and September 2019, the company sent 101–500 such notifications to Indian users. Over 1000 users in India were targeted by government-backed phishing attempts in 2019.
The exact number of users is not certain because Google released the information in the form of visuals.
Accounts from India spoofing WHO
The company said it detected phishing attempts from India, where attackers used emails that looked like they are coming from the WHO but are in fact trying to grab users’ login credentials. “The accounts have largely targeted business leaders in financial services, consulting, and healthcare corporations within numerous countries including, the U.S., Slovenia, Canada, India, Bahrain, Cyprus, and the UK,” Shane Huntley, Director of Google’s Threat Analysis Group wrote.
In April, the TAG said that it had warned users in India, among many other countries, that government-backed attackers were using COVID-19 related content to steal information like passwords. It is not clear which governments were behind the attempts.