Security News > 2022 > July > Google catches Turla hackers deploying Android malware in Ukraine
Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.
In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.
They've also hijacked the infrastructure and malware of Iranian APT OilRig and used them in their own campaigns to mislead and trick defenders into attributing their attacks to Iranian state hackers.
Google TAG also said in May that it observed the Turla hackers pushing credential phishing emails in attacks against Ukrainian defense and cybersecurity organizations.
Google sent 50,000 warnings of state-sponsored attacks in 2021.
Roaming Mantis hits Android and iOS users in malware, phishing attacks.
News URL
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- Russian Turla hackers hit Starlink-connected devices in Ukraine (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Cyber crooks push Android malware via letter (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)