Google was forced to deliver more than 10,000 warnings of government-backed attempts to spear phish its global users over just a three-month period earlier this year, the firm has revealed.

In an update from the tech giant’s Threat Analysis Group (TAG), director Shane Huntley explained that from July to September this year his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog post, it appears as if most were located in the US, South Korea, Pakistan and Vietnam.

“Over 90% of these users were targeted via ‘credential phishing emails’ ... These are usually attempts to obtain the target’s password or other account credentials to hijack their account,” he added.

“We encourage high-risk users — like journalists, human rights activists, and political campaigns — to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts.”

TAG tracks over 270 targeted and government-backed threat groups across 50+ countries in an attempt to weed out intelligence collection efforts, IP theft, targeting of dissidents and activists, destructive cyber-attacks, and spreading coordinated disinformation.

Aside from the phishing campaigns referenced earlier, Huntley revealed more details on a campaign from the Russian Sandworm group using malicious Android apps published on Google Play to target Ukrainian developers.

He also detailed efforts to detect and remove coordinated influence operations by Russian state hackers in Africa using “inauthentic news outlets to disseminate messages promoting Russian interests in Africa.” A total of 15 YouTube channels were removed as a result.

Similar efforts in the Indonesian province of Papua led to the removal of 28 channels.