The internet giant has added more than 30 domains used by these threat groups to its Safe Browsing mechanism, which prevents users from accessing them.

Hack-for-hire groups are often conflated with entities offering surveillance tools. Google has pointed out that surveillance vendors typically provide the tools needed for spying but leave it up to the end user to operate them, while hack-for-hire groups conduct the attacks themselves.

Several hack-for-hire groups have been identified in the past years. Google’s analysis focuses on three groups believed to be operating out of India, Russia and the UAE.