San Francisco, USA – Google announced it had disrupted a large-scale cyberattack by a group linked to China that targeted at least 53 organizations in 42 countries worldwide, according to findings the company shared with Reuters.
Google explained that the hacking group, which is being tracked under the names “UNC2814” and “Galium,” has a track record of nearly a decade of targeting government entities and telecommunications companies in coordinated, cross-border cyber espionage operations.
Spying via Google Sheets
John Hultquist, senior analyst at Google’s Threat Analysis Group, said the operation represented “a massive espionage campaign targeting individuals and organizations around the world.”
Google added that, in collaboration with undisclosed partners, it terminated the Google Cloud projects controlled by the group, identified and disabled the infrastructure used in the attacks, and suspended the accounts used to access Google Sheets, which were employed to carry out the targeting and data theft operations.
The company confirmed that exploiting Google Sheets allowed the hackers to conceal their activity and blend it into normal network traffic, but stressed that its products were not directly compromised.
Widespread dissemination and ongoing investigations
For his part, Charlie Snyder, senior director at the Threat Analysis Group, said the group confirmed it had reached 53 entities in 42 countries, with the potential to target additional entities in 22 other countries before disrupting their operations. He declined to name the affected entities.
In an official response, Chinese Embassy spokesperson Liu Bingyu stated that cybersecurity is a “common challenge” that should be addressed through dialogue and cooperation. He emphasized that China opposes and combats hacking activities in accordance with the law and rejects what he described as attempts to tarnish its reputation through unfounded accusations.
Google noted that this campaign differs from other prominent Chinese hacking operations, such as the “Salt Typhoon” campaign, which the US government linked to targeting hundreds of organizations and political figures in the United States.
The incident highlights the escalating cyber threats globally, amid the growing use of legitimate technologies to carry out sophisticated espionage operations that are difficult to detect early.
