By Web Desk
Google announced Wednesday that it has disrupted a sophisticated hacking operation linked to China, which infiltrated at least fifty-three organizations across forty-two countries in what the company describes as a vast global surveillance campaign.
The hacking group, tracked by security researchers as UNC2814 and “Gallium,” has maintained active operations for nearly a decade, primarily targeting government institutions and telecommunications companies worldwide.
Scope of the Operation
According to findings shared exclusively with Reuters, Google’s Threat Intelligence Group confirmed the group had established access to fifty-three unnamed entities across forty-two countries, with potential access in at least twenty-two additional nations at the time of disruption.
“This was a vast surveillance apparatus used to spy on people and organisations throughout the world,” said John Hultquist, chief analyst with Google Threat Intelligence Group.
The company declined to identify specific compromised organizations but revealed that in one case, the hackers installed a backdoor system on infrastructure containing extensive personal data including full names, phone numbers, dates of birth, places of birth, voter identification numbers, and national identity numbers.
Technical Approach
The hacking group employed a novel technique, using Google Sheets as a command-and-control mechanism, which allowed it to blend malicious activity into normal network traffic and evade detection. Google emphasized that this method did not compromise any Google product; rather, the group used the platform as a communication channel.
Charlie Snyder, senior manager of Google Threat Intelligence Group, explained that the targeting patterns align with efforts to identify and track specific individuals. Similar campaigns have been used historically to extract call data records, monitor text messages, and even surveil targeted individuals through telecommunications providers’ lawful intercept capabilities.
Countermeasures Deployed
Google, working alongside unnamed partners, took multiple actions to neutralize the threat. The company terminated Google Cloud projects controlled by the hacking group, identified and disabled the internet infrastructure supporting their operations, and shut down accounts used to access Google Sheets for targeting and data theft activities.
The company’s analysis determined that the group’s confirmed access extended to fifty-three organizations across forty-two countries at the time of intervention.
Chinese Response
Chinese Embassy spokesperson Liu Pengyu issued a statement in response to the findings, stating that cybersecurity represents a common challenge faced by all countries and should be addressed through dialogue and cooperation.
“China consistently opposes and combats hacking activities in accordance with the law, and at the same time firmly rejects attempts to use cybersecurity issues to smear or slander China,” the spokesperson said.
Distinct from Other Campaigns
Google clarified that this activity is separate from other high-profile telecommunications-focused Chinese hacking operations tracked as “Salt Typhoon.” That separate campaign, which United States government officials have attributed to China, targeted hundreds of American organizations and prominent U.S. political figures.
The disruption represents one of the most significant takedowns of an alleged state-linked cyber espionage operation in recent years, highlighting ongoing tensions between Washington and Beijing over digital espionage activities.







