Google’s Threat Intelligence Group (GTIG) uncovered UNC2814 (Gallium), a China-linked espionage group that infiltrated 53 organizations across 42 countries, stealing sensitive personal data and surveilling high-value targets, primarily in the telecom and government sectors.
The group relied on techniques chosen to blend into normal traffic, including using the Google Sheets API as a covert command-and-control channel so that beacons look like ordinary Google API calls, and deployed GRIDTIDE, a custom backdoor that supports remote command execution, file theft and exfiltration of personal data (names, phone numbers, national IDs).
UNC2814 has operated since at least 2017, gaining access by exploiting vulnerable internet-facing edge devices (routers, IoT) and maintaining persistence with SoftEther VPN, an open-source VPN tool that several Chinese state-linked groups have been reported to abuse. Many victim organizations were likely compromised for years before detection.
Despite China’s dismissal of the allegations, UNC2814’s activity fits the broader pattern of Chinese state-sponsored cyber espionage; it is tracked separately from Salt Typhoon, another Chinese state-linked group that targeted U.S. telecoms and political figures (including Trump).
Global Security Failures and Call to Action: The campaign underscores critical weaknesses in edge device security and, in the article's view, the need for decentralized defenses. Google disrupted the UNC2814 infrastructure it identified, but experts warn that state-backed operators will adapt, and urge continued vigilance against authoritarian cyber incursions.
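The one detection hook the summary gives is the use of the Google Sheets API as a command-and-control channel. The following is an added illustration (not code from the GTIG report, the article, or any actor tooling) of how a defender might hunt for that pattern in proxy logs: a client that talks to sheets.googleapis.com on a metronomic schedule, or from something other than a browser, is worth a look. The log format, the sample lines, the host name list, the user-agent heuristic and the thresholds are all assumptions made for this example.

```python
"""Added example: beacon-style Google Sheets API traffic in proxy logs.

Not from the GTIG report or the article. Log format, sample data, thresholds
and the browser user-agent heuristic are assumptions for illustration only.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed: the API host the article names as the covert C2 channel.
C2_HOSTS = {"sheets.googleapis.com"}
MIN_REQUESTS = 5     # assumption: fewer requests reads as a one-off, not a beacon
MAX_JITTER = 0.25    # assumption: stdev/mean of request gaps below this is "metronomic"
BROWSER_UA = re.compile(r"Mozilla/|Chrome/|Safari/|Firefox/")

# Assumed log format: <ISO-8601 timestamp> <client_ip> <method> <host> <path> <user agent...>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (.*)$")

# Constructed sample log (not real telemetry). 10.1.2.3 is a person using a
# browser at irregular times; 10.1.2.7 polls a sheet every 60 s from a script;
# 10.1.2.9 never touches the Sheets API at all.
SAMPLE_LOG = """\
2026-02-20T09:00:00Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/abc123/values/Sheet1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0
2026-02-20T09:03:41Z 10.1.2.3 POST sheets.googleapis.com /v4/spreadsheets/abc123/values/Sheet1:append Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0
2026-02-20T09:15:09Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/abc123 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0
2026-02-20T09:00:00Z 10.1.2.7 GET sheets.googleapis.com /v4/spreadsheets/9f3e/values/tasks python-requests/2.31
2026-02-20T09:01:00Z 10.1.2.7 GET sheets.googleapis.com /v4/spreadsheets/9f3e/values/tasks python-requests/2.31
2026-02-20T09:02:00Z 10.1.2.7 GET sheets.googleapis.com /v4/spreadsheets/9f3e/values/tasks python-requests/2.31
2026-02-20T09:03:00Z 10.1.2.7 GET sheets.googleapis.com /v4/spreadsheets/9f3e/values/tasks python-requests/2.31
2026-02-20T09:04:00Z 10.1.2.7 GET sheets.googleapis.com /v4/spreadsheets/9f3e/values/tasks python-requests/2.31
2026-02-20T09:05:00Z 10.1.2.7 GET sheets.googleapis.com /v4/spreadsheets/9f3e/values/tasks python-requests/2.31
2026-02-20T09:02:30Z 10.1.2.9 GET www.google.com / curl/8.4
"""


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, host, path, ua = m.groups()
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "ip": ip, "method": method, "host": host, "path": path, "ua": ua,
    }


def beacon_score(timestamps):
    """Return (mean gap in seconds, jitter) for sorted timestamps, or None.

    jitter is population stdev of the gaps divided by their mean: a script
    polling on a fixed timer scores near 0, a human clicking around scores high.
    """
    if len(timestamps) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return avg, pstdev(gaps) / avg


def find_suspicious(log_text):
    """Flag (client, user-agent) pairs whose Sheets API use looks automated."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["host"] in C2_HOSTS:
            by_client[(rec["ip"], rec["ua"])].append(rec["ts"])

    findings = []
    for (ip, ua), stamps in by_client.items():
        stamps.sort()
        reasons = []
        if not BROWSER_UA.search(ua):
            reasons.append("non-browser user agent")
        score = beacon_score(stamps)
        if len(stamps) >= MIN_REQUESTS and score and score[1] < MAX_JITTER:
            reasons.append(f"regular beacon every ~{score[0]:.0f}s")
        if reasons:
            findings.append({"ip": ip, "ua": ua, "requests": len(stamps), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['ip']} ({f['requests']} requests, UA={f['ua']!r}): {', '.join(f['reasons'])}")
```

On the constructed sample this reports only 10.1.2.7. Two caveats a practitioner would add: the user agent is attacker-controlled, so in practice the process that opened the connection (from EDR or proxy-with-agent telemetry) is the reliable field, and a backdoor can add jitter to its sleep, so the timing heuristic should be one signal among several rather than a verdict.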
Google’s Threat Intelligence Group (GTIG) has uncovered and disrupted a sprawling China-linked cyber espionage operation that infiltrated 53 organizations across 42 countries, stealing sensitive personal data and surveilling high-value targets.
Read Full Article: https://www.naturalnews.com/2026-02-28-google-exposes-massive-chinese-cyber-espionage-campaign.html