On Friday, Google warned of an increase in hacking activity supported by the Iranian regime, according to a report focusing on the "notable campaigns" of a group linked to the Iranian Revolutionary Guard. The search giant is the second tech company in less than a week to issue a warning about Iranian hackers, following Microsoft's announcement days earlier that a group had targeted Israeli and American defense technology, an announcement that also warned that Iran quadrupled its hacking of Israel last year.
Google reported that an Iranian hacking group known as APT35, or "Charming Kitten," has been carrying out malware attacks and phishing scams, tricking targets into installing malicious software or revealing personal information. Ajax Bash, a member of Google's threat analysis team, wrote, "This is one of the groups we disrupted during the 2020 U.S. election cycle for targeting campaign staff." He added, "For years, this group has hacked accounts, disseminated malware, and employed new techniques for espionage aligning with the Iranian government's interests."
The report warned that APT35 has been targeting accounts in government, academia, journalism, NGOs, foreign policy, and U.S. national security, and has been active since 2017. Google stated that it has warned over 50,000 account holders since 2021 that they may be targeted by Iranian-backed hacking attempts through phishing or malware. Google explained, "We send these warnings in batches to all users who may be at risk." In total, Google said the number of hacking attempts in 2021 increased by one-third compared to the same period, with the increase attributed to a "remarkably large campaign" by the Russian group APT28, also known as "Fancy Bear."