[People News] On Wednesday (February 25), U.S. technology giant Google announced that last week its Google Threat Intelligence Group (GTIG), its subsidiary Mandiant, and other partners took action to disrupt a global cyber-espionage campaign targeting telecommunications and government organizations across dozens of countries on four continents. Google said the group behind the espionage activity is suspected of having ties to the Chinese Communist Party (CCP).
According to Voice of America, Google stated in its investigative report that GTIG has been tracking this cyber-espionage group, identified as UNC2814, since 2017. The report describes the organization as “persistent and elusive,” and says it has long targeted international government entities and global telecommunications organizations in Africa, Asia, and the Americas. Google indicated that the group is suspected of being linked to the CCP.
The report confirmed that prior to the disruption operation, Google had identified that the group had compromised 53 unnamed victim organizations in 42 countries. The attackers’ method involved leveraging application programming interfaces (APIs) and software-as-a-service (SaaS) applications as command-and-control (C2) infrastructure, disguising malicious traffic as legitimate activity.
Cyber attackers commonly use this cloud-based tactic to increase stealth. Rather than exploiting system vulnerabilities or security flaws, the attackers relied on normal cloud services to operate, making their malicious traffic appear legitimate.
In response to the attack campaign, Google’s Threat Intelligence Group and other teams took a series of countermeasures, including:
- Terminating all Google Cloud projects controlled by the hacking group
- Identifying and disabling known network infrastructure used by the group
- Disabling associated accounts
- Revoking access to Google Sheets
Google noted that Mandiant discovered that the UNC2814 group had deployed a new backdoor it calls “GRIDTIDE.” However, Google emphasized that the incident did not result from a vulnerability in Google products, but rather from abuse of legitimate Google Sheets API functionality to evade detection.
Google also clarified that, at present, UNC2814 does not appear to be connected to the widely publicized China-linked telecom-focused hacking group known as “Salt Typhoon.”
In recent years, hacking threats originating from China have drawn increasing attention from the U.S. government and cybersecurity experts. Chinese cyber operations are no longer limited to stealing commercial secrets; they have increasingly targeted U.S. critical infrastructure, government agencies, political parties, and even presidential campaign teams.
In addition, at the end of January, a U.S. federal jury convicted former Google software engineer Linwei Ding of charges related to conducting commercial espionage and stealing artificial intelligence (AI) trade secrets for China (the CCP).
