TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

Google's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.

Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commerci…

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q3 2023. It was last updated on November 8, 2023.

Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.

The goal of this report is to analyze the exploits from the year as a whole, looking for trends, gaps, lessons learned, and successes.

Threat Analysis Group shares their Q2 2023 bulletin.

Google's Threat Analysis Group shares first quarter cyber updates on the threat landscape from the war in Ukraine.

Google's Threat Analysis Group shares information on ARCHIPELAGO as well as the work to stop government-backed attackers.

Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has…

New research from Threat Analysis Group on Magniber's exploitation of Microsoft 0-day vulnerability.

Threat Analysis Group shares their Q1 2023 bulletin.

One year after the Russian invasion of Ukraine, we’re sharing insights into changes in the cyber threat landscape triggered by the war.

An update on TAG's work to disrupt the information operation network DRAGONBRIDGE.

Google’s Threat Analysis Group describes a new 0-day vulnerability attributed to North Korean government-backed actors known as APT37.

Threat Analysis Group shares their Q4 bulletin.

The Threat Analysis Group shares new information on the commercial spyware vendor Variston.

TAG highlights four case studies involving Russian IO tied to the Internet Research Agency and Russian oligarch Yevgeny Prigozhin.

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q3 2022. It was last updated on October 26, 2022.

Describing activities of a crime group attacking Ukraine.

As part of TAG's mission to counter serious threats to Google and our users, we've analyzed a range of persistent threats including APT35 and Charming Kitten, …

The following testimony was delivered to the U.S. House Intelligence Committee by Shane Huntley, Senior Director of Google’s Threat Analysis Group (TAG) on July 27, 2022.

Google’s Threat Analysis Group (TAG) continues to closely monitor the cybersecurity environment in Eastern Europe with regard to the war in Ukraine. Many Russian governm…

As part of TAG's mission to counter serious threats to Google and our users, we've published analysis on a range of persistent threats including government-bac…

Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical driv…

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q2 2022. It was last updated on July 29, 2022.

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Ch…

An update on cyber activity in eastern Europe.

An update on cyber activity in Eastern Europe.