As per Google’s announcement on its Threat Analysis Group (TAG) page, they have added 37 new domains and websites to the Safe Browsing feature. Most of the blacklisted groups are located in the UAE, India, and Russia. Also, they have been fighting with these groups since 2012.
According to Google’s director of TAG, Shane Huntley, the company’s CyberCrime Investigation Group is in contact with law enforcement agencies and is sharing relevant data with them.
“TAG is committed to sharing our findings as a way of raising awareness with the security community, and with companies and individuals that might have been targeted,” Huntley noted. “We hope that improved understanding of the tactics and techniques will enhance threat hunting capability and lead to stronger user protections across the industry.”
You can see the full list of blocked domains here.
Google targets hack-for-hire groups around the world
Also, Google is asking its users, especially high-profile individuals, to enable Advanced Protection and Google Account Level Enhanced Safe Browsing. Also, they should make sure their endpoints are updated.
Social engineering and phishing are the most popular pathways for hacking groups to target the victims and deploy stage-two malware. Moreover, their targets vary from government agencies to NGOs, firms, healthcare and telecom sectors.
Some of these groups work with government agencies to target journalists and activists. “We have seen hack-for-hire groups target human rights and political activists, journalists, and other high-risk users around the world, putting their privacy, safety and security at risk. They also conduct corporate espionage, handily obscuring their clients’ role.” Shane Huntley said in his blog post.
Huntley mentions the examples of the Russian attacker that targeted an anti-corruption journalist. Also, he mentions a UAE-based group that targeted government, education, and political organizations in the Middle East and North Africa.
Google found that some hack-for-hire firms in India work with third-party private investigative services to provide data. They might also work with freelancers that the firms themselves do not directly employ.