https://blog.google/threat-analysis-group/Threat Analysis Group (TAG)en-usThu, 29 Jan 2026 19:30:00 +0000https://blog.google/threat-analysis-group/static/blogv2/images/google.pnghttps://blog.google/threat-analysis-group/https://blog.google/threat-analysis-group/tag-bulletin-q4-2025/An overview of coordinated influence operation campaigns terminated on our platforms in Q4 2025.Thu, 29 Jan 2026 19:30:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q4-2025/Threat Analysis GrouparticleAn overview of coordinated influence operation campaigns terminated on our platforms in Q4 2025.Googlehttps://blog.google/threat-analysis-group/tag-bulletin-q4-2025/Billy Leonardhttps://blog.google/threat-analysis-group/tag-bulletin-q3-2025/Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q3 2025.Thu, 13 Nov 2025 16:00:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q3-2025/Threat Analysis GrouparticleOur bulletin covering coordinated influence operation campaigns terminated on our platforms in Q3 2025.Googlehttps://blog.google/threat-analysis-group/tag-bulletin-q3-2025/Billy Leonardhttps://blog.google/threat-analysis-group/tag-bulletin-q2-2025/Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q2 2025.Mon, 21 Jul 2025 17:45:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q2-2025/Threat Analysis GrouparticleOur bulletin covering coordinated influence operation campaigns terminated on our platforms in Q2 2025.Googlehttps://blog.google/threat-analysis-group/tag-bulletin-q2-2025/Billy Leonardhttps://blog.google/threat-analysis-group/tag-bulletin-q1-2025/This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q1 2025. It was last updated on May 15, 2025.JanuaryWe terminated 12 YouT…Thu, 15 May 2025 17:30:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q1-2025/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/tag-bulletin-q1-2025/Billy Leonardhttps://blog.google/threat-analysis-group/tag-bulletin-q4-2024/This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2024. It was last updated on February 19, 2024.OctoberWe terminated 11…Tue, 17 Dec 2024 22:00:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q4-2024/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/tag-bulletin-q4-2024/Billy Leonardhttps://blog.google/threat-analysis-group/tag-bulletin-q3-2024/This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q3 2024. It was last updated on January 14, 2025.JulyWe terminated 89 You…Thu, 12 Sep 2024 23:30:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q3-2024/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/tag-bulletin-q3-2024/Billy Leonardhttps://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/an image of a blue square with the embedded text "Google" and "Threat Analysis Group"<img src="https://storage.googleapis.com/gweb-uniblog-publish-prod/images/TAG_PzwyAeM.width-1600.format-w.max-600x600.format-webp.webp">We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.Thu, 29 Aug 2024 13:00:00 +0000https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/Safety & SecurityThreat Analysis GrouparticleWe’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.Googlehttps://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/Clement Lecignehttps://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/Google’s Threat Analysis Group shares insights on APT42, an Iranian government-backed threat actor.Wed, 14 Aug 2024 19:00:00 +0000https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/Safety & SecurityThreat Analysis GrouparticleGoogle’s Threat Analysis Group shares insights on APT42, an Iranian government-backed threat actor.Googlehttps://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/Google Threat Analysis Grouphttps://blog.google/threat-analysis-group/google-disrupted-dragonbridge-activity-q1-2024/Today we are sharing updated insights about DRAGONBRIDGE, the most prolific IO actor Google’s Threat Analysis Group (TAG) tracks.Wed, 26 Jun 2024 10:00:00 +0000https://blog.google/threat-analysis-group/google-disrupted-dragonbridge-activity-q1-2024/Threat Analysis GrouparticleToday we are sharing updated insights about DRAGONBRIDGE, the most prolific IO actor Google’s Threat Analysis Group (TAG) tracks.Googlehttps://blog.google/threat-analysis-group/google-disrupted-dragonbridge-activity-q1-2024/Zak Butlerhttps://blog.google/threat-analysis-group/tag-bulletin-q2-2024/Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q2 2024.Tue, 04 Jun 2024 23:00:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q2-2024/Threat Analysis GrouparticleOur bulletin covering coordinated influence operation campaigns terminated on our platforms in Q2 2024.Googlehttps://blog.google/threat-analysis-group/tag-bulletin-q2-2024/Billy Leonardhttps://blog.google/innovation-and-ai/technology/safety-security/a-review-of-zero-day-in-the-wild-exploits-in-2023/Today, Google released its report “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023.”Wed, 27 Mar 2024 13:00:00 +0000https://blog.google/innovation-and-ai/technology/safety-security/a-review-of-zero-day-in-the-wild-exploits-in-2023/Safety & SecurityThreat Analysis GrouparticleToday, Google released its report “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023.”Googlehttps://blog.google/innovation-and-ai/technology/safety-security/a-review-of-zero-day-in-the-wild-exploits-in-2023/Maddie Stonehttps://blog.google/threat-analysis-group/tag-bulletin-q1-2024/This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q1 2024. It was last updated on July 8, 2024.JanuaryWe blocked 4 domains …Wed, 06 Mar 2024 17:30:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q1-2024/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/tag-bulletin-q1-2024/Shane HuntleyThreat Analysis Grouphttps://blog.google/innovation-and-ai/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/blue squares forming the abstract shape of an arrow set against a white background<img src="https://storage.googleapis.com/gweb-uniblog-publish-prod/images/TOFR_Keyword_Banner.max-600x600.format-webp.webp">An analysis of cyber operations in the Israel-Hamas War.Wed, 14 Feb 2024 00:01:00 +0000https://blog.google/innovation-and-ai/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/Safety & SecurityThreat Analysis GrouparticleAn analysis of cyber operations in the Israel-Hamas War.Googlehttps://blog.google/innovation-and-ai/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/Sandra JoyceShane HuntleyThreat Analysis Grouphttps://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/a blue square that reads "Threat Analysis Group"<img src="https://storage.googleapis.com/gweb-uniblog-publish-prod/images/BlogHero.max-600x600.format-webp.webp">This report documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the open internet.Tue, 06 Feb 2024 10:00:00 +0000https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/Shane HuntleyThreat Analysis Grouphttps://blog.google/threat-analysis-group/tag-bulletin-q4-2023/This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2023. It was last updated on January 19, 2024.OctoberWe terminated 8 Y…Fri, 19 Jan 2024 20:00:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q4-2023/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/tag-bulletin-q4-2023/Shane HuntleyThreat Analysis Grouphttps://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/an illustrated blue box with the phrase "Threat Analysis Group" in white<img src="https://storage.googleapis.com/gweb-uniblog-publish-prod/images/TAG_Fa6JTHm.max-600x600.format-webp.webp">Threat Analysis Group sheds light on Russian threat COLDRIVER’s use of malware.Thu, 18 Jan 2024 14:00:00 +0000https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/Threat Analysis GrouparticleThreat Analysis Group sheds light on Russian threat COLDRIVER’s use of malware.Googlehttps://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/Wesley Shieldshttps://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/a blue box that reads "Threat Analysis Group"<img src="https://storage.googleapis.com/gweb-uniblog-publish-prod/images/TAG_rYhcbet.max-600x600.format-webp.webp">TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.Thu, 16 Nov 2023 16:00:00 +0000https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/Threat Analysis GrouparticleTAG’s discovery of a 0-day exploit used to steal email data from international government organizations.Googlehttps://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/Clement Lecignehttps://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/Google's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.Wed, 18 Oct 2023 15:00:00 +0000https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/Threat Analysis GrouparticleGoogle's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.Googlehttps://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/Kate Morganhttps://blog.google/threat-analysis-group/tag-bulletin-q3-2023/This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q3 2023. It was last updated on November 8, 2023.Thu, 05 Oct 2023 18:30:00 +0000https://blog.google/threat-analysis-group/tag-bulletin-q3-2023/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/tag-bulletin-q3-2023/Shane Huntleyhttps://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commerci…Fri, 22 Sep 2023 17:00:00 +0000https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/Threat Analysis GrouparticleGooglehttps://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/Maddie Stone