Cybersecurity is like a cat and mouse game -- application developers, vendors, and service providers try to define known threats, identify them, and block them. Afterward, attackers or bad actors will tweak some of their code and initiate another attack. Security teams will then need to launch their counter-reaction and start the process all over again.

Google’s Threat Analysis Group (TAG) has the challenging mission to understand and counter targetted and government-backed hacking and online threats against Google and its users.

Globally, TAG is tracking more than 270 government-backed groups from more than fifty (50) countries in the fields of intelligence collection, IP theft, target dissidents and activists, destructive cyberattacks, and spreading coordinated disinformation.

The group is tasked to detect and defeat threats, and warning targeted users and customers about the world’s most sophisticated adversaries, spanning the full range of Google products including Gmail, Drive, and YouTube.

“We have a lot of outcomes; one of our main ones is preventing Google from getting hacked from knowing the adversary who may we be up against. But, there are a few things that are external facing, and one of those is the series of warnings that we provide to end-users. Every single time that we determine that a user is targeted by a government-backed threat -- phishing or malware -- we send specific warnings to these users because we believe that they should know about that. We believe that users are able to make good decisions when they know the threats they face,” according to Shane Huntley, Senior Director, Threat Analysis Group at Google during an exclusive online media briefing this month.

TAG uses the intelligence gathered by the organization to protect the company’s infrastructure, as well as users targeted with phishing or malware. Since 2020, TAG has been sending out quarterly bulletins updated with actions resulting from their work across Google products. The group hopes that shining more light on threat actors will be helpful to the security community, deter future attacks, and lead to better awareness and protection against high-risk targets.

“Zero trust is a whole set of security objectives that is all about not having implicit trust about anything. We encourage all technology providers, including people who author apps in the (Google) Play Store, and provide services through our marketplace and other solutions to adopt zero trust principles -- our same security practice,” said Phil Venables, Vice-President & Chief Information Security Officer at Google Cloud.

As part of their fight against disinformation, TAG is one part of Google and YouTube’s broader efforts to tackle coordinated influence operations that attempt to game their services. The group shares relevant threat information about these campaigns with law enforcement and other tech companies.