Google's Threat Analysis Group sent 12,000 warnings about state-backed attacks in just three months

In 90 per cent of the cases, attackers used "credential phishing emails" to steal account credentials

More than 12,000 warnings were sent by Google ' s Threat Analysis Group (TAG) in just three months to alert users about email attacks traced to state-backed attackers.

These warnings were sent from July to September 2019, and their recipients were based in 149 countries.

In 90 per cent of the cases, attackers used "credential phishing emails" to steal account credentials, including passwords, Shane Huntley, a member of Google ' s TAG, said in a blog post.

The number of warnings sent in three months of 2019 was found to be consistent (+/-10%) with the number of warnings sent during the same period in 2018 and 2017, suggesting that there was no big drop or increase in the number of government-backed hacking campaigns over the past three years.

In his blog post, Huntley revealed in details about how TAG is protecting users from malware, phishing attacks, and disinformation campaigns from Russia.

According to Huntley, TAG has been tracking 270 targeted or state-sponsored hacking groups from more than 50 countries. It is also coordinating with cyber security teams within Google, as well as other tech firms and law enforcement agencies to protect users from coordinated attacks.

In December 2017, TAG researchers uncovered a series of cyber attacks from Russia-linked threat group Sandworm (or Iridium) attempting to deploy Android malware.

In one specific campaign, the attackers targeted users in South Korea using Android apps modified with malware. Attackers used compromised developer accounts to upload eight altered apps to the Play Store, with each having fewer than 10 installs.

In an earlier September 2017 campaign, Sandworm was observed using similar tactics to upload modified UKR.net email app on the Play Store. The malicious app was later eliminated by TAG researchers with the help of Google Play Protect Team.

Last year, TAG researchers also noticed Sandworm targeting legitimate app developers in Ukraine through spear phishing emails. In one such case, the attackers were able to compromise a developer with a large number of published apps on Play Store.

"Going forward, our goal is to give more updates on the attacks that TAG detects and stops," Huntley said.

"Our hope is that shining more light on these actors will be helpful to the security community, deter future attacks, and lead to better awareness and protections among high-risk targets," he added.