The Indian Express
India sees rises in hacking attempts by disguising as WHO, Google says
Even within India, Google has found that between 50 and 100 users in India were targeted by state-backing phishing attempts in April, a new report states.
by Karishma MehrotraGoogle has noticed a rise in “hack-for-hire” firms based in India that create Gmail accounts to disguise as the World Health Organisation, targeting financial service leaders, healthcare corporations, and consulting services in other parts of the world to divulge their account information.
Even within India, Google has found that between 50 and 100 users in India were targeted by state-backing phishing attempts in April, a new report states. India’s hacking attempts also target countries such as the US, Slovenia, Canada, Bahrain, Cyprus, and the UK.
“The lures themselves encourage individuals to sign up for direct notifications from the WHO to stay informed of COVID-19 related announcements, and link to attacker-hosted websites that bear a strong resemblance to the official WHO website. The sites typically feature fake login pages that prompt potential victims to give up their Google account credentials, and occasionally encourage individuals to give up other personal information, such as their phone numbers,” the Google report stated. Phishing attempts refer to this masquerading to lure users’ account credentials.
The company said it has begun to see a resurgence of COVID-related hacking with cyber attacks on medical and healthcare professionals, including World Health Organisation (WHO) employees.
The company sent 1,755 warnings to users across the world about these hacking attempts. They also took down thousands of YouTube channels, some of which were Chinese-language political content about Hong Kong politics, Chinese government opposition, and the country’s handling of COVID-19.
The findings come from the company’s Threat Analytics Group (TAG), which tracks more than 270 groups from over 50 countries. These groups have many goals including intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyber attacks, or spreading coordinated disinformation.”
In March, the group had zoned in on a “coordinated influence operation linked to India” which “was sharing messages in English supportive of Qatar.” The findings were similar to a report from Facebook, and led to the termination of elevent YouTube channels.
The company had stated in November 2019 that 100 to 500 users in India were targeted by government-sponsored phishing attempts between July and September 2019.
A Google blog in 2012 states: “You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”