Google Disrupts China-Linked Spy Ring Hitting 53
Google has disrupted a major cyber espionage campaign linked to suspected Chinese state actors that impacted telecommunications and government entities worldwide. The operation, run by a group tracked as UNC2814, went undetected for nearly a decade. Google’s Threat Intelligence Group (GTIG) and Mandiant collaborated to dismantle the infrastructure of the group, which breached 53 organizations across 42 countries. The group deployed a backdoor called GRIDTIDE, using Google Sheets to conduct covert communications.
UNC2814 infiltrated critical systems and targeted servers that held personal data, which aligns with Chinese intelligence priorities. Google Cloud analysts discovered the backdoor on a compromised server, tracing its activities back to root-level access. They identified crucial indicators and shared threat intelligence to prevent further exploitation.
Organizations are urged to monitor network traffic and to use GTIG’s YARA rules and IoCs to secure their systems. The effort is another step in Google’s disruption of cyber threats to sensitive global infrastructure.
For more details, read the full article at https://cybersecuritynews.com/google-disrupts-chinese-hackers-infrastructre/
