Sri Lanka
USA
Canada
India
UK
UAE
Google has disrupted a Chinese-backed hacking group that breached at least 53 organizations across 42 countries, the company revealed on Wednesday.
Known as UNC2814 or “Gallium,” the hacking group has a nearly ten-year history of infiltrating government entities and telecommunications firms worldwide. In an exclusive report shared with Reuters, Google described the group’s extensive cyber espionage activities.
“This was a massive surveillance operation aimed at monitoring individuals and organizations around the globe,” said John Hultquist, the chief analyst at Google’s Threat Intelligence Group.
In collaboration with undisclosed partners, Google shut down the group’s Google Cloud projects, identified and dismantled its internet infrastructure, and disabled the accounts used by the hackers to access Google Sheets. The hackers relied on Google Sheets as a means of hiding their activities in plain sight, blending into regular network traffic. Google clarified that this was not a breach of any Google product itself, but rather an evasion tactic employed by the attackers.
Charlie Snyder, a senior manager at Google Threat Intelligence Group, confirmed that the hackers had gained access to 53 organizations in 42 countries, with potential access to 22 more nations at the time of the operation’s disruption.
While Snyder did not name the affected entities, he provided details of one significant case where the group installed a backdoor tool called “GRIDTIDE.” This backdoor gave the hackers access to sensitive data such as full names, phone numbers, dates of birth, voter IDs, and national identification numbers.
Google stated that the group’s actions were aligned with broader efforts to track and monitor specific targets, noting that similar tactics have previously been used to exfiltrate telecommunications data, monitor SMS messages, and even track individuals via lawful interception capabilities within telecom networks.
A spokesperson for the Chinese Embassy, Liu Pengyu, responded by stating that cybersecurity is a global issue that should be addressed through cooperation and dialogue. He added that China consistently opposes hacking and firmly rejects attempts to politicize cybersecurity issues.
Google also clarified that the activity was distinct from another high-profile Chinese hacking operation, dubbed “Salt Typhoon.” This separate campaign, linked to Chinese state-backed hackers, has focused on targeting U.S. telecommunications organizations and prominent American political figures.
