Over 50,000 instances of DRAGONBRIDGE activity disrupted in 2022
An update on TAG's work to disrupt the information operation network DRAGONBRIDGE.
Internet Explorer 0-day exploited by North Korean actor APT37
Google’s Threat Analysis Group describes a new 0-day vulnerability attributed to North Korean government-backed actors known as APT37.
TAG Bulletin: Q4 2022
This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2022. It was last updated on December 1, 2022.
New details on commercial spyware vendor Variston
The Threat Analysis Group shares new information on the commercial spyware vendor Variston.
Prigozhin interests and Russian information operations
One of Threat Analysis Group’s (TAG) missions is to understand and disrupt coordinated information operations (IO) threat actors. Our research enables Google teams to make enforcement decisions backed by rigorous…
Initial access broker repurposing techniques in targeted attacks against Ukraine
As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. This post…
TAG Bulletin: Q3 2022
This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q3 2022. It was last updated on August 26, 2022.AprilWe terminated 138 YouTube channels and 2 Ads accounts…
New Iranian APT data extraction tool
As part of TAG's mission to counter serious threats to Google and our users, we've analyzed a range of persistent threats including APT35 and Charming Kitten, an Iranian government-backed group…
Google’s efforts to identify and counter spyware
The following testimony was delivered to the U.S. House Intelligence Committeeby Shane Huntley, Senior Director of Google’s Threat Analysis Group (TAG) on July 27, 2022.Chairman Schiff, Ranking Member Turner, and…
Continued cyber activity in Eastern Europe observed by TAG
Google’s Threat Analysis Group (TAG) continues to closely monitor the cybersecurity environment in Eastern Europe with regard to the war in Ukraine. Many Russian government cyber assets have remained focused…