Google Disrupts Chinese-Linked Cyber Network Targeting 53 Organizations Worldwide

Google has disrupted a Chinese-linked cyber espionage operation that compromised at least 53 organizations across 42 countries, according to findings released by the company’s Threat Intelligence Group. The campaign, attributed to a group tracked as UNC2814 and also known as Gallium, is described as a long-running surveillance effort focused on government entities and telecommunications providers.
Security analysts said the group operated a wide-ranging digital infrastructure designed to blend into normal internet traffic while conducting data collection and network infiltration. In its latest action, Google terminated cloud projects associated with the group, disabled malicious accounts and dismantled online infrastructure used to coordinate operations. The company clarified that its core products were not breached, but the attackers exploited widely used cloud-based tools to conceal their activity.
Investigators found that the group leveraged Google Sheets as a command and control mechanism, allowing attackers to transmit instructions and retrieve stolen information in a manner that appeared routine within enterprise environments. By embedding operations within legitimate traffic patterns, the hackers were able to evade traditional detection systems for extended periods.
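A defender-side sketch of how this kind of traffic can still be surfaced, added here as an illustration and not taken from Google's findings: it looks for processes outside an expected allowlist that poll the public Sheets API host (`sheets.googleapis.com`) at near-fixed intervals. The log format, host names, process names, allowlist and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

SHEETS_API_HOST = "sheets.googleapis.com"
# Assumption: processes expected to reach Google APIs in this environment.
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed proxy/EDR records: timestamp, host, process, destination.
SAMPLE_LOG = """\
2025-01-10T09:00:00 db-srv-02 updsvc sheets.googleapis.com
2025-01-10T09:00:40 ws-014 chrome.exe sheets.googleapis.com
2025-01-10T09:01:00 ws-022 python.exe sheets.googleapis.com
2025-01-10T09:03:00 ws-022 python.exe sheets.googleapis.com
2025-01-10T09:05:02 db-srv-02 updsvc sheets.googleapis.com
2025-01-10T09:07:10 db-srv-02 updsvc www.example.com
2025-01-10T09:09:58 db-srv-02 updsvc sheets.googleapis.com
2025-01-10T09:15:01 db-srv-02 updsvc sheets.googleapis.com
2025-01-10T09:20:00 db-srv-02 updsvc sheets.googleapis.com
2025-01-10T09:40:00 ws-022 python.exe sheets.googleapis.com
2025-01-10T10:50:00 ws-022 python.exe sheets.googleapis.com
"""

def parse(log):
    """Yield (timestamp, host, process, destination) from whitespace-separated lines."""
    for line in log.strip().splitlines():
        ts, host, proc, dest = line.split()
        yield datetime.fromisoformat(ts), host, proc.lower(), dest.lower()

def find_sheets_beacons(log, min_requests=4, max_jitter=0.2):
    """Return (host, process, mean_interval_seconds) for unexpected processes
    whose Sheets API requests are evenly spaced (low coefficient of variation)."""
    seen = defaultdict(list)
    for ts, host, proc, dest in parse(log):
        if dest == SHEETS_API_HOST and proc not in EXPECTED_PROCESSES:
            seen[(host, proc)].append(ts)
    findings = []
    for (host, proc), times in sorted(seen.items()):
        if len(times) < min_requests:
            continue  # too few requests to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Human-driven use is bursty; automated polling has near-constant gaps.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((host, proc, round(avg)))
    return findings

if __name__ == "__main__":
    for host, proc, interval in find_sheets_beacons(SAMPLE_LOG):
        print(f"{host}: {proc} polls {SHEETS_API_HOST} every ~{interval}s")
```

The destination alone is not an indicator, since the same host serves legitimate automation; the signal is the combination of an unexpected process and a machine-like cadence, so the allowlist and jitter threshold need tuning per environment.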
Google said it had verified the group's access to 53 entities spanning 42 countries, with possible exposure in at least 22 additional nations at the time the disruption occurred. While the affected organizations were not publicly named, analysts indicated that telecommunications networks were among the primary targets. In one documented case, attackers deployed a backdoor tool referred to internally as GRIDTIDE on systems containing highly sensitive personal information, including identification records and contact details.
The targeting pattern suggests a focus on intelligence collection rather than financial gain. Analysts noted similarities with previous campaigns aimed at extracting call detail records, monitoring SMS data and exploiting lawful intercept capabilities within telecom networks to track selected individuals. Such techniques point to long-term surveillance objectives rather than short-term cybercrime.
The Chinese Embassy responded by stating that cyber security is a shared global challenge and that China opposes hacking activities. Officials rejected allegations that link state actors to cyber intrusions and called for international cooperation through dialogue rather than accusations.
The incident unfolds amid heightened geopolitical scrutiny of cyber operations attributed to state-linked groups. In recent years, Western governments have publicly identified and sanctioned entities believed to be involved in cyber espionage targeting critical infrastructure, defense systems and political institutions. The latest disruption underscores the growing role of private technology firms in countering global cyber threats, particularly when operations leverage cloud-based services.
Google emphasized that coordinated action with industry partners was essential to dismantling the network. The company continues to monitor related activity and warned that sophisticated actors frequently adapt tactics after exposure.

