Google Warned up to 500 Indian Users That They Were Targeted by ‘Government-Backed Actors’

Most users were likely targeted by a “credential phishing email” campaign which were carried out to “obtain the target’s password” or other “account credentials to hijack their account”.

New Delhi: Google has warned up to 500 India-based targets that they may have been the victims of a snooping attempt by “government-backed actors”, the search engine giant said in a security update on Wednesday.

Over 90% of these users were targeted by a “credential phishing email” campaigns which were carried out to “obtain the target’s password” or other “account credentials to hijack their account”.

“From July to September 2019, we sent more than 12,000 warnings to users in 149 countries that they were targeted by government-backed attackers. This is consistent (+/-10%) with the number of warnings sent in the same period of 2018 and 2017,” said Shane Huntley, who heads Google’s Threat Analysis Group (TAG).

“We’ve had a long-standing policy to send users warnings if we detect that they are the subject of state-sponsored phishing attempts, and have posted periodically about these before,” Huntley added.

While the company did not break out exact data per country, its security update includes a global map (shown below) which indicates that there were up to 500 government-backed phishing targets in India from July-September 2019. 

Google's security warning map. Credit: Google.

Google’s security warning map. The external boundaries of India as depicted by this map put out by Google are neither correct nor authentic. Photo: Google.

It is unclear at the moment who these “government-backed actors” are, why they would want to target Indian users and whether the snooping attempts were successful.

The company did not provide more information on who the targeted Indians may be, but merely said that it encourages all “high-risk users” like “journalists, human rights activists and political campaigns” to enrol in Google’s ‘advanced protection programme’ which provides the “strongest protections available against phishing and account hijackings”.

Also read: Exclusive: Kolkata Prof Got an Alert From Yahoo Over ‘Govt-Backed’ Email Snooping Attempt

Surveillance and phishing threats have been in the news lately, after WhatsApp sued the NSO Group, an Israeli maker of spyware and other snooping software, for helping unknown actors break into the phones of over 1,4000 people worldwide.

More recently, The Wire exclusively reported how Yahoo had been warning Indian users that “government-backed actors” were targeting the through phishing and malware attack attempts.

Specifically, Kolkata-based professor and activist Partho Ray had received a warning from the company.