As seen in CPO Magazine.
For some years now, Google has been issuing direct personal warnings to users that appear to have been targeted by a state-sponsored hacking group. The company has taken the unusual step of issuing a general public warning about one of these groups via its blog, due to a large-scale campaign targeting academics and international conference attendees.
Google warns that Advanced Persistent Threat Group 35 (APT35), thought to be associated with the Iranian government, has been active with phishing emails targeting specific groups as well as the placement of spyware apps on the Google Play Store.
APT35 keeps threat analysts busy in 2021
In the world of state-sponsored hacking, China and Russia are kings. The second tier, groups that are less sophisticated but very active and substantially dangerous, includes Iran’s threat actors. APT35 was initially considered unsophisticated when it was first identified, but has steadily grown in capability over the years. The group is best known for breaching HBO and leaking television episode scripts, and for targeting the email addresses of Donald Trump campaign staffers in 2020.
The group appears to be stepping up both the quality and volume of its attacks this year. Edward Roberts, VP of Marketing at Neosec, notes that the attempts focus on exploiting vulnerable APIs: “This attack follows the trend that attacks are typically a sequence of tactics employed by the hacker. Increasingly, with the ubiquitous adoption of APIs by organizations, it is no surprise that APIs are one of the tactics used in these sophisticated attacks. We expect APIs to increasingly become the focus for bad actors.”