Spyware vendors use 0-days and n-days against popular platforms
Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has…
Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
New research from Threat Analysis Group on Magniber's exploitation of Microsoft 0-day vulnerability.
TAG Bulletin: Q1 2023
Threat Analysis Group shares their Q1 2023 bulletin.
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
One year after the Russian invasion of Ukraine, we’re sharing insights into changes in the cyber threat landscape triggered by the war.
Over 50,000 instances of DRAGONBRIDGE activity disrupted in 2022
An update on TAG's work to disrupt the information operation network DRAGONBRIDGE.
Internet Explorer 0-day exploited by North Korean actor APT37
Google’s Threat Analysis Group describes a new 0-day vulnerability attributed to North Korean government-backed actors known as APT37.
TAG Bulletin: Q4 2022
This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2022. It was last updated on December 1, 2022.
New details on commercial spyware vendor Variston
The Threat Analysis Group shares new information on the commercial spyware vendor Variston.
Prigozhin interests and Russian information operations
One of Threat Analysis Group’s (TAG) missions is to understand and disrupt coordinated information operations (IO) threat actors. Our research enables Google teams to make enforcement decisions backed by rigorous…
Initial access broker repurposing techniques in targeted attacks against Ukraine
As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers. This post…