{
	"id": "72ef7572-6b5d-485c-b1bc-99024258c5dc",
	"created_at": "2026-04-06T00:19:28.733141Z",
	"updated_at": "2026-04-10T13:12:24.789997Z",
	"deleted_at": null,
	"sha1_hash": "5a3827596ef931fd7fa67160af1750edf518ea54",
	"title": "Google warned users of 33,000 state-sponsored attacks in 2020",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1088016,
	"plain_text": "Google warned users of 33,000 state-sponsored attacks in 2020\r\nBy Sergiu Gatlan\r\nPublished: 2020-10-16 · Archived: 2026-04-05 17:28:44 UTC\r\nGoogle delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of state-sponsored\r\nphishing attacks targeting their accounts.\r\n\"In these cases, we also shared our findings with the campaigns and the Federal Bureau of Investigation,\" Shane Huntley,\r\nDirector at Google's Threat Analysis Group (TAG), said.\r\nThe prominent reminders sent to Google users targeted in government-backed attacks were displayed even when the hacking\r\nattempts were blocked to inform them of the danger.\r\nhttps://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nGoogle also notifies the users' G Suite administrators to raise awareness of the risk their corporate network is facing to\r\nprovide them with an early warning of a potential attack.\r\nImage: Google\r\nThese notifications are shown to up to 0.1% of all Gmail users according to Google, who advises them to take several\r\nmeasures to secure their accounts.\r\nThese include enrolling in the Advanced Protection Program, keeping software up to date, enabling Gmail 2-step\r\nverification, as well as using Google Authenticator and/or a physical security key for 2-step verification.\r\nIn all, Google sent 33,015 government-backed phishing warnings in 2020 until now, with 11,856 alerts sent during Q1 2020,\r\n11,023 in Q2 2020, and 10,136 in Q3 2020.\r\nIn March, Google said that it delivered around 40,000 alerts of state-sponsored phishing or malware hacking attempts during\r\n2019, with a 25% drop compared to 2018.\r\nImage: Google\r\nhttps://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/\r\nPage 3 of 4\n\nLast month, Microsoft also reported that it observed nation state-sponsored hacking groups operating from Russia, China,\r\nand Iran actively targeting individuals and organizations involved in the 2020 US presidential elections.\r\n\"We have directly notified those who were targeted or compromised so they can take action to protect themselves,\"\r\nMicrosoft said at the time.\r\nOne of the groups behind the attack tracked by Microsoft, the Chinese-backed APT31, was also detected by Google while\r\ntargeting \"campaign staffers’ personal emails with credential phishing emails and emails containing tracking links.\"\r\nAPT31 also hosted malware payloads that used Dropbox for command and control comms, as well as delivering fake\r\nMcAfee Total Protection installers onto victims' computers to deploy malware in the background.\r\nNorth Korean APTs were also observed by Google while switching targets to focus on \"COVID-19 researchers and\r\npharmaceutical companies.\"\r\nThe Google and Microsoft reports confirm intelligence shared by the US government on Russian, Iranian, and Chinese\r\nhacking groups attempting to \"compromise the private communications of U.S. political campaigns, candidates and other\r\npolitical targets.\"\r\nToday, Google also disclosed that in 2017 a nation-state actor targeted thousands of Google IP addresses in the largest DDoS\r\nattack ever, amounting to more than 2.54 terabits per second.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/\r\nhttps://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/"
	],
	"report_names": [
		"google-warned-users-of-33-000-state-sponsored-attacks-in-2020"
	],
	"threat_actors": [
		{
			"id": "aacd5cbc-604b-4b6e-9e58-ef96c5d1a784",
			"created_at": "2023-01-06T13:46:38.953463Z",
			"updated_at": "2026-04-10T02:00:03.159523Z",
			"deleted_at": null,
			"main_name": "APT31",
			"aliases": [
				"JUDGMENT PANDA",
				"BRONZE VINEWOOD",
				"Red keres",
				"Violet Typhoon",
				"TA412"
			],
			"source_name": "MISPGALAXY:APT31",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "9e6186dd-9334-4aac-9957-98f022cd3871",
			"created_at": "2022-10-25T15:50:23.357398Z",
			"updated_at": "2026-04-10T02:00:05.368552Z",
			"deleted_at": null,
			"main_name": "ZIRCONIUM",
			"aliases": [
				"APT31",
				"Violet Typhoon"
			],
			"source_name": "MITRE:ZIRCONIUM",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "74d9dada-0106-414a-8bb9-b0d527db7756",
			"created_at": "2025-08-07T02:03:24.69718Z",
			"updated_at": "2026-04-10T02:00:03.733346Z",
			"deleted_at": null,
			"main_name": "BRONZE VINEWOOD",
			"aliases": [
				"APT31 ",
				"BRONZE EXPRESS ",
				"Judgment Panda ",
				"Red Keres",
				"TA412",
				"VINEWOOD ",
				"Violet Typhoon ",
				"ZIRCONIUM "
			],
			"source_name": "Secureworks:BRONZE VINEWOOD",
			"tools": [
				"DropboxAES RAT",
				"HanaLoader",
				"Metasploit",
				"Mimikatz",
				"Reverse ICMP shell",
				"Trochilus"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434768,
	"ts_updated_at": 1775826744,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5a3827596ef931fd7fa67160af1750edf518ea54.pdf",
		"text": "https://archive.orkl.eu/5a3827596ef931fd7fa67160af1750edf518ea54.txt",
		"img": "https://archive.orkl.eu/5a3827596ef931fd7fa67160af1750edf518ea54.jpg"
	}
}