Google Blocks China Hackers Using Sheets for Spying
27 Feb
Summary
- Google disrupted a Chinese hacking group targeting 42 countries.
- Hackers exploited Google Sheets to exfiltrate sensitive personal data.
- The group, UNC2814, used Gridtide malware on Linux systems.

Google has successfully disrupted UNC2814, a Chinese-linked hacking group believed to be engaged in extensive global espionage. This group, also identified as Gallium, targeted telecom and government entities in at least 42 countries, impacting an estimated 53 organizations.
UNC2814 employed a sophisticated backdoor malware named Gridtide, designed for Linux systems, enabling remote command execution, file transfers, and data theft. Their surveillance apparatus aimed to exfiltrate sensitive personal information such as names, phone numbers, and national identification details.
To conceal their illicit activities, the hackers leveraged Google Sheets as a covert channel for transmitting and receiving stolen data. Google responded by severing the group's access to its cloud infrastructure, disabling their internet presence, and blocking their compromised accounts.
The campaign, which Google has been monitoring since 2017, also exploited web servers and edge systems, masking its intrusions within normal network traffic. Google has notified the affected victims and provided technical details to aid in their defense.



