Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Google Halts Major Chinese Cyber Campaign Targeting Telecoms

Google Halts Major Chinese Cyber Campaign Targeting Telecoms

Posted on February 25, 2026 By CWS

On Wednesday, Google revealed it had successfully disrupted a significant cyberespionage operation linked to China. This campaign was primarily targeting telecommunications and government entities across the globe, showcasing a widespread and sophisticated approach.

Identifying the Cyber Threat

Identified by Google’s Threat Intelligence Group (GTIG) and Mandiant as UNC2814, this cyber threat has been active since at least 2017. It is considered one of the most extensive and impactful campaigns in recent years. The operation has reportedly targeted 53 organizations in 42 countries, spanning the Americas, Asia, and Africa, with suspicions of additional targets in 20 more nations.

Google explained that these cyber spies utilized API calls to communicate with SaaS applications, using these as command-and-control (C2) infrastructures to disguise malicious activities as legitimate traffic. This tactic avoids exploiting vulnerabilities, instead leveraging cloud-based services to mask nefarious actions.

Understanding the GridTide Backdoor

The campaign employed a new backdoor named GridTide, allowing for shell command execution and file transfers. Notably, GridTide uses Google Sheets not as a document, but as a high-availability C2 platform, facilitating the communication of data and commands.

Researchers found GridTide on endpoints containing personal data such as names, birthdates, and identification numbers, indicating a likely effort to monitor specific individuals. Although GTIG did not witness data exfiltration in this campaign, past Chinese espionage against telecoms has resulted in significant data theft, including call records and SMS messages.

Efforts to Disrupt UNC2814

In collaboration with Mandiant, GTIG took decisive steps to dismantle the cyberespionage infrastructure. This included the removal of cloud resources used by GridTide, sinkholing of domains, and disabling hacker accounts, including those on Google Cloud. Access to Google Sheets instances exploited by the malware was also terminated.

Victims of the campaign have been informed and supported in responding to the incidents. Google has provided indicators of compromise (IoCs) to aid organizations in detecting GridTide and related activities, aiming to significantly hinder UNC2814’s global expansion efforts.

While the operations of UNC2814 bear similarities to the Salt Typhoon group, Google has found no direct connections between these entities, marking this disruption as a crucial step in safeguarding international cybersecurity.

Security Week News Tags:API calls, China, cyberespionage, Cybersecurity, Google, GridTide, GTIG, Mandiant, Telecoms, UNC2814

Post navigation

Previous Post: Malicious Packages Target ASP.NET and npm Developers
Next Post: CISA Alerts on FileZen Vulnerability Exploitation

Related Posts

Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps Security Week News
Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw Security Week News
SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta Security Week News
New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches Security Week News
Organizations Warned of Exploited Zimbra Collaboration Vulnerability Organizations Warned of Exploited Zimbra Collaboration Vulnerability Security Week News
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark