Google disrupts Chinese-linked hackers that attacked 53 groups globally

The group has a nearly decade-long history of penetrating government bodies and telcos

Published Wed, Feb 25, 2026 · 09:43 PM
    • Google and unnamed partners terminated Google Cloud projects controlled by the hacking group, and identified and disabled the Internet infrastructure it was using. PHOTO: REUTERS

    [NEW YORK] Google disrupted a Chinese-linked hacking group that breached at least 53 organisations across 42 countries, it said on Wednesday (Feb 25).

    The hacking group, tracked as UNC2814 and Gallium, has a nearly decade-long history of penetrating government organisations and telecommunications companies, the company said in findings shared exclusively with Reuters.

    John Hultquist, chief analyst of Google Threat Intelligence Group, said: “This was a vast surveillance apparatus used to spy on people and organisations throughout the world.”

    Google and unnamed partners terminated Google Cloud projects controlled by the hacking group, identified and disabled the Internet infrastructure it was using, and disabled accounts the group used to access Google Sheets, which it used to carry out its targeting and data theft operations.

    Using Google Sheets allowed the group to evade detection and blend into normal network traffic, and was not a compromise of any Google product, the company added.

    Charlie Snyder, senior manager of Google Threat Intelligence Group, said that the group had confirmed access to 53 unnamed entities across the 42 countries, with potential access in at least 22 more countries at the time of disruption.

    He declined to identify the compromised entities, but said in one case the group had installed a backdoor, which Google calls GRIDTIDE, on a system containing full names, phone numbers, dates of birth, places of birth, voter IDs and national ID numbers.

    The targeting is consistent with efforts to identify and track select targets, the company said.

    It added: “Similar campaigns have been used to exfiltrate call data records, monitor messages and to even monitor targeted individuals through the telco’s lawful intercept capabilities.”

    Chinese Embassy spokesperson Liu Pengyu said in a statement that cybersecurity is a common challenge faced by all countries, and it should be addressed through dialogue and cooperation.

    He added: “China consistently opposes and combats hacking activities in accordance with the law, and at the same time firmly rejects attempts to use cybersecurity issues to smear or slander (the country).”

    The activity is distinct from separate high-profile, telecommunications-focused Chinese hacking activity tracked as Salt Typhoon, Google said.

    That campaign, which the US government has linked to China, targeted hundreds of US organisations and prominent US political figures. REUTERS
