Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google: Chinese Hackers Target Gmail Users Affiliated with US Govt

Google: Chinese Hackers Target Gmail Users Affiliated with US Govt

Google’s Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31.

The warnings came after Gmail’s defenses automatically blocked all these phishing emails after tagging them as spam.

“In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government,” Google Threat Analysis Group’s Director Shane Huntley revealed today.

Also Read: A Look at the Risk Assessment Form Singapore Government Requires

“Today, we sent those people who were targeted government backed attacker warnings. We don’t have any evidence to suggest that this campaign was related to the current war in Ukraine.”

In October, Google TAG security engineer Ajax Bash said the company sent roughly 50,000 alerts of state-sponsored hacking or phishing attempts to customers throughout 2021, 15,000 of them linked to the APT28 threat group part of Russia’s General Staff Main Intelligence Directorate (GRU).

Google sends government-backed attack alerts when detecting attacks launched using infrastructure linked to known government-sponsored threat groups.

The company has warned its users of such attacks starting with 2012 and redesigned the alert system in 2017, revamping it with added info on the potential attack vector.

Google govt-backed attack alert
Sample govt-backed attack alert (Barton Gellman)

On Monday, Google TAG also said Russian, Belarusian, and Chinese threat actors targeted Ukrainian and European government and military orgs in widespread phishing campaigns and DDoS attacks.

“Over the past two weeks, TAG has observed activity from a range of threat actors that we regularly monitor and are well-known to law enforcement, including FancyBear and Ghostwriter,” Huntley said in the report.

China-sponsored hacking group Mustang Panda (aka Temp.Hex and TA416) switched to phishing attacks against European entities using lures related to the Ukrainian invasion.

Also Read: CCTV Law Singapore Edition: Know Your Rights and Responsibilities

Proofpoint also revealed this week that Mustang Panda is phishing “European diplomatic entities, including an individual involved in refugee and migrant services.”

APT31 (also tracked as Judgment Panda and Zirconium) is a hacking group working for the Chinese Government and known for its numerous espionage and information theft operations targeting organizations worldwide.

It has been linked in the past with the theft and repurposing of the EpMe NSA exploit, years before Shadow Brokers leaked it in April 2017.

Microsoft previously observed APT31 attacks targeting high-profile individuals associated with the Joe Biden presidential campaign.

This hacking group was also detected by Google while targeting “campaign staffers’ personal emails with credential phishing emails and emails containing tracking links.”



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us