One of Google’s best-known security teams is Project Zero, and its mission is to find zero days vulnerabilities. Internally, the company also has the Threat Analysis Group (TAG) to “counter targeted and government-backed hacking against Google and our users.” Moving forward, TAG will publicize and share its work to “advance the broader digital security discussion.”
The Threat Analysis Group is over a decade old, and has previously posted about phishing campaigns, vulnerabilities, and disinformation. It works and coordinates with security teams within Google, as well as other tech companies and law enforcement.
Our daily work involves detecting and defeating threats, and warning targeted users and customers about the world’s most sophisticated adversaries, spanning the full range of Google products including Gmail, Drive, and YouTube.
In the future, Google TAG will “share more technical details and data about the threats we detect and how we counter them.” The team hopes that this will aid the broader security community and deter future attacks, while leading to “better awareness and protections among high-risk targets.”
TAG tracks more than 270 targeted or government-backed groups from more than 50 countries. These groups have many goals including intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyberattacks, or spreading coordinated disinformation. We use the intelligence we gather to protect Google infrastructure as well as users targeted with malware or phishing.
Meanwhile, TAG today provided an update on state-sponsored phishing attempts — through credential phishing emails — and subsequent warnings that Google provides targeted users:
From July to September 2019, we sent more than 12,000 warnings to users in 149 countries that they were targeted by government-backed attackers. This is consistent (+/-10%) with the number of warnings sent in the same period of 2018 and 2017.
FTC: We use income earning auto affiliate links. More.