Security News > 2022 > July > Google catches Turla hackers deploying Android malware in Ukraine

Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.
In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.
They've also hijacked the infrastructure and malware of Iranian APT OilRig and used them in their own campaigns to mislead and trick defenders into attributing their attacks to Iranian state hackers.
Google TAG also said in May that it observed the Turla hackers pushing credential phishing emails in attacks against Ukrainian defense and cybersecurity organizations.
Google sent 50,000 warnings of state-sponsored attacks in 2021.
Roaming Mantis hits Android and iOS users in malware, phishing attacks.
News URL
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)