Google Stops Chinese Hackers Targeting Global Telecoms
In a recent breakthrough, Google Cloud’s Threat Intelligence Group (GTIG) disrupted a global cyber espionage campaign linked to Chinese hackers. Known as GRIDTIDE, the campaign primarily targeted telecommunications organizations and government bodies across multiple countries to steal sensitive data.
[Figure: GRIDTIDE infection lifecycle. Source: Google]
The operation spanned four continents and used Google Sheets as a method for command-and-control (C2) operations. Here’s how Google stopped this massive cyber espionage threat:
Identifying the Threat
- Google Cloud and Mandiant discovered the espionage campaign was tied to the Chinese hacking group UNC2814.
- This group is known for targeting telecommunications, government organizations, and high-value industries.
- The attackers used Google Sheets for covert command-and-control operations, which made it difficult to detect.
Disrupting the Attack
- Google Cloud’s Threat Intelligence Group identified the hackers’ infrastructure and took immediate action:
  - Disabled malicious Google Cloud Projects.
  - Shut down the attack infrastructure, stopping hackers from accessing compromised systems.
- GRIDTIDE backdoor malware was removed from the affected systems, preventing further data exfiltration.
How Google Cloud Fights Cyber Espionage
- Shared Fate Model: Ensures Google and its customers are aligned on security, allowing for faster threat detection.
- Machine Learning and Automated Systems: Helped monitor and identify suspicious activity in real time.
- Mandiant’s Threat Intelligence: Played a crucial role in identifying the attack’s global scope.
- The campaign affected 42 countries, especially telecommunications companies.
- The hackers blended malicious traffic with legitimate activity, making detection more challenging.
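Because the GRIDTIDE backdoor talked to Google Sheets, its C2 traffic looked like ordinary SaaS use at the network edge, which is why the article stresses that the hackers blended malicious traffic with legitimate activity. One defender-side angle that survives this blending is timing: a human editing a spreadsheet produces bursty, irregular requests, whereas an implant polling a sheet for tasking tends to do so on a fixed schedule. The script below is an added example, not Google's or Mandiant's detection logic and not code from the report; it assumes a hypothetical web-proxy log format (ISO timestamp, client name, quoted user-agent, URL) and a hypothetical threshold on the coefficient of variation of inter-request gaps, and it runs on a constructed sample log embedded inline.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample web-proxy log (not from the article or from Google's report).
# Assumed format: ISO timestamp, client host name, quoted user-agent, request URL.
# ws-017 polls the Sheets API every ~300 s (implant-like); ws-042 is a person editing.
SAMPLE_LOG = """\
2024-01-10T09:00:00Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_1/values/Sheet1
2024-01-10T09:01:12Z ws-042 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_2/values/Budget
2024-01-10T09:01:15Z ws-042 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_2/values/Budget
2024-01-10T09:05:00Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_1/values/Sheet1
2024-01-10T09:10:00Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_1/values/Sheet1
2024-01-10T09:14:40Z ws-042 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_2/values/Budget
2024-01-10T09:15:00Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_1/values/Sheet1
2024-01-10T09:20:00Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_1/values/Sheet1
2024-01-10T09:25:01Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_1/values/Sheet1
2024-01-10T09:52:03Z ws-042 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_2/values/Budget
2024-01-10T10:30:55Z ws-042 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://sheets.googleapis.com/v4/spreadsheets/SHEET_ID_2/values/Budget
2024-01-10T10:31:00Z ws-042 "Mozilla/5.0 (Windows NT 10.0) Chrome/120" https://docs.google.com/document/d/DOC_ID/edit
"""

LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+"([^"]*)"\s+(\S+)$')


def parse_log(text):
    """Yield (timestamp, client, user_agent, host) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, ua, url = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        yield when, client, ua, urlparse(url).hostname


def detect_beacons(text, watch_hosts=("sheets.googleapis.com",), min_samples=5, max_cv=0.2):
    """Flag (client, host) pairs whose request timing is too regular to be a person.

    cv = stdev(gaps) / mean(gaps); a polling implant sits near 0, a human editor well above.
    The 0.2 cutoff and the 5-sample minimum are assumed starting points, not tuned values.
    """
    series = defaultdict(list)   # (client, host) -> request timestamps
    agents = defaultdict(set)    # (client, host) -> user-agents seen, for the analyst
    for when, client, ua, host in parse_log(text):
        if host in watch_hosts:
            series[(client, host)].append(when)
            agents[(client, host)].add(ua)

    findings = []
    for key, times in series.items():
        if len(times) < min_samples:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:            # all requests in the same second: no interval to assess
            continue
        cv = statistics.stdev(gaps) / mean
        if cv <= max_cv:
            findings.append({
                "client": key[0],
                "host": key[1],
                "samples": len(times),
                "mean_interval_s": round(mean, 1),
                "cv": round(cv, 3),
                "user_agents": sorted(agents[key]),
            })
    findings.sort(key=lambda f: f["cv"])
    return findings


if __name__ == "__main__":
    for f in detect_beacons(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}: {f['samples']} requests, "
              f"mean gap {f['mean_interval_s']} s, cv {f['cv']}, UA {f['user_agents']}")
```

Timing regularity on its own is a lead, not a verdict: scheduled sync clients and browser add-ons also poll on fixed intervals, so a hit such as ws-017 above should be triaged against the spreadsheet identity, the process that made the request (where endpoint telemetry is available) and whether the account involved has any business reason to touch that document.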
Aftermath
- No significant evidence of data exfiltration was found, but Google’s quick action protected sensitive data from being stolen.
- Targeted organizations, including telecom companies, were secured and their infrastructure protected.
- The disruption of GRIDTIDE demonstrates the growing need for innovative cybersecurity measures to fight against advanced espionage campaigns.
This operation reinforces the importance of ongoing cybersecurity efforts as hacking groups continue to evolve their tactics. By leveraging cloud services and machine learning, Google Cloud’s intervention helped prevent a major global security breach, protecting vital telecom infrastructure from one of the most sophisticated cyber espionage campaigns. It follows Google’s earlier successes against major threats, such as Google’s Take Down of Major Residential Proxy Infrastructure; with GRIDTIDE, Google has now disrupted another global cyber espionage operation.