Google Shuts Down Chinese Cyber Group That Infiltrated 53 Organizations Worldwide

Technology giant Google has successfully taken down a sophisticated Chinese-linked cyber operation that infiltrated 53 organizations spanning 42 nations, the company announced Wednesday.

The cyber criminal group, identified by security experts as UNC2814 and “Gallium,” has been conducting espionage operations for almost ten years, primarily focusing on government agencies and telecommunications firms, according to exclusive findings Google shared with Reuters.

“This was a vast surveillance apparatus used to spy on people and organizations throughout the world,” John Hultquist, chief analyst with Google Threat Intelligence Group, said.

Google worked with undisclosed partners to shut down Google Cloud projects under the hackers’ control, identified and dismantled internet infrastructure they were operating, and deactivated accounts the criminals used to access Google Sheets for their targeting and data theft activities.

The hackers’ use of Google Sheets helped them avoid detection because their traffic appeared to be routine network activity, though the company emphasized this did not represent a breach of any Google services.

Charlie Snyder, senior manager of Google Threat Intelligence Group, confirmed the organization had verified unauthorized access to 53 unnamed organizations across 42 nations, with suspected access to entities in at least 22 additional countries when the operation was disrupted.

While Snyder would not reveal which organizations were compromised, he disclosed that in one instance, the hackers installed malicious software Google calls “GRIDTIDE” on a system containing complete names, telephone numbers, birth dates, birthplaces, voter identification numbers, and national identification numbers.

The targeting patterns suggest efforts to identify and monitor specific individuals, according to the company. “Similar campaigns have been used to exfiltrate call data records, monitor SMS messages, and to even monitor targeted individuals through the telco’s lawful intercept capabilities.”

Chinese Embassy spokesperson Liu Pengyu responded in a statement that “cyber security is a common challenge faced by all countries and should be addressed through dialogue and cooperation.”

“China consistently opposes and combats hacking activities in accordance with the law, and at the same time firmly rejects attempts to use cyber security issues to smear or slander China,” Liu Pengyu said.

Google clarified this operation is separate from another prominent Chinese telecommunications-focused hacking campaign known as “Salt Typhoon.” That separate operation, which U.S. officials have attributed to China, compromised hundreds of American organizations and targeted notable U.S. political figures.