Google’s cyber intelligence team said it has grown its capacity to confront over 270 threats from different government-backed threat groups. It can track not just actors targeting Google itself but also the day-to-day attacks targeting users on all its platforms, including Gmail and Android.
The Threat Analysis Group, or TAG, was founded in 2010 following an alleged government hacking effort from China that subsequently became known as Operation Aurora. The operation was a series of targeted cyberattacks against dozens of organisations, including Google, Adobe, Yahoo, Symantec, Morgan Stanley, Rackspace, and Dow Chemicals, among others.
Shane Huntley, who leads TAG and its team of 55, said that apart from countering government-backed threats, the unit's mission has expanded to include more serious threats such as government-backed disinformation, or information operations. TAG has therefore formed small teams that track these information operations actors.
The unit's third mission is to look at cybercrime, such as the growth of ransomware, hack-for-hire, and many large-scale, coordinated attempts at financially motivated hacking.
“If you talk to an organisation today, they may be very worried about being hacked by a government-backed threat actor, but they also are putting a lot of resources and have a lot of risk by being targeted by ransomware actors, and even at a national security level or at an organisation level, even though they’re motivated by money, the damage that a serious cybercrime actor can do also can be just as big or bigger than a government-backed threat actor,” Huntley said at the Foreign Press Centre’s virtual reporting tour.
To achieve its goals, TAG has to analyse large amounts of data. It also works with others, especially with the government, to get threat information, and with industry partners and competitors such as Microsoft, Facebook and Twitter. Huntley describes this approach as a cross-industry effort and an industry-and-government effort to counter threats.
The threats are not restricted to large state actors like the US and China. Smaller nations are also developing these hacking capabilities because they are able to buy them on open markets, such as in Israel and other places. Huntley says TAG currently tracks 20 different companies that are selling these capabilities to actors.
“What we see again and again is that while these companies are touting that this is being used for law enforcement and countering terrorism and a list of purposes, we see that journalists and civil society and even political opponents are being consistently targeted using these tools and these capabilities that have been sold to a range of nations around the world,” he said.
While TAG has set some fairly strong policies, it has also received some pushback. So far in 2022, TAG has found nine exploits or what some people call cyber weapons. Seven of them were sold by commercial surveillance vendors.
“It worked very smoothly that one of those was against iOS from Apple, and we were able to inform the. They were able to take that. They were very thankful,” Huntley said.