
Google announced on Wednesday that it had stopped a hacking group with ties to China that had compromised at least 53 organisations in 42 different countries.
Google said that a significant cyber espionage operation with ties to China had occurred, and it blamed the campaign on a threat group called UNC2814 (also known as Gallium), which has a history, dating back almost ten years, of infiltrating government agencies and telecom firms.
The group’s main targets were telecom firms and government agencies in the Americas, Asia, and Africa. The hackers were described as using Google Sheets as a command-and-control (C2) channel, which allowed malicious communication to pass for genuine network traffic and stay undetected.
According to John Hultquist, head analyst at Google Threat Intelligence Group, this was a vast surveillance apparatus used to spy on people and organisations throughout the world.
The hacking organisation utilised Google Sheets to carry out its targeting and data theft operations. Google and undisclosed partners terminated Google Cloud projects under the group’s control. They also identified and stopped the internet infrastructure the group was employing.
By using Google Sheets, the group was able to avoid detection and blend in with regular network traffic; the company said this was not a compromise of any Google product.
Google’s Charley Snyder stated the group breached 53 entities across 42 nations, with potential access in 22 additional countries at the time of disruption.
Snyder added that in at least one case, the organisation had deployed a backdoor that Google calls “GRIDTIDE”, malware that was used to get access to systems that held full names, phone numbers, dates of birth, places of birth, voter IDs, and national ID numbers, but he declined to name the hacked businesses.
Google said that, in collaboration with unidentified partners, it had terminated the group’s cloud projects, blocked their internet infrastructure, and removed access to the hacked Google accounts that were being used for data theft.
The company stated that the targeting aligns with efforts to identify and monitor specific targets. “Similar campaigns have been used to monitor SMS messages, exfiltrate call data records, and even use the telco’s legal intercept capabilities to monitor specific individuals.”
“Cybersecurity is a common challenge faced by all countries and should be addressed through dialogue and cooperation,” said Liu Pengyu, a spokesman for the Chinese Embassy.
“China vigorously opposes attempts to utilise cybersecurity concerns to disparage or vilify China, while also continuously opposing and combating hacking actions in compliance with the law.”
Google clarified that this campaign is not connected to “Salt Typhoon”, a separate Chinese hacking effort targeting telecommunications. Hundreds of American organisations and well-known American politicians were the targets of that campaign, which the U.S. government has connected to China.
According to a Chinese Embassy official, China rejects “attempts to use cybersecurity issues to smear or slander China” and opposes hacking in all its forms.







