Chinese cyberspies breached dozens of telecom firms, govt agencies
Bleeping Computer
by Bill Toulas, February 25, 2026
AI-Generated Deep Dive Summary
Google’s Threat Intelligence Group (GTIG), Mandiant, and partners have disrupted a global cyber espionage campaign linked to a suspected Chinese threat actor. The campaign targeted telecom companies and government agencies worldwide, using malicious traffic hidden within legitimate SaaS API calls. Since 2023, the group, tracked as UNC2814 by Google, has infected at least 53 organizations across 42 countries, with potential infections in over 20 more nations.
The campaign used a new C-based backdoor named GRIDTIDE, which abused the Google Sheets API as its command-and-control (C2) channel: no vulnerability in Sheets was exploited; the API was used as designed. GRIDTIDE authenticated with a hardcoded private key and hid operator commands in spreadsheet cells. It gathered system information, executed encoded bash commands, uploaded collected data, and downloaded files in fragments to avoid detection. Because its traffic went to a legitimate Google API endpoint, the backdoor blended in with normal SaaS usage and was hard to distinguish from it.
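The summary above describes the C2 pattern without giving defenders anything to run. The following is an added example written for this page, not code from BleepingComputer, Google, or Mandiant, and it does not reproduce GRIDTIDE. It hunts web-proxy logs for hosts that poll the Sheets API on a regular cadence, and it tries to decode spreadsheet cells that hold base64 text resembling shell commands. The log format, host names, spreadsheet IDs, thresholds, and the `SERVER_HOSTS` inventory are all assumptions; so is the service-account style login (a POST to `oauth2.googleapis.com/token`), which the article only implies by saying the backdoor used a hardcoded private key.

```python
"""Hunt for Sheets-API C2 beaconing in proxy logs (added example, not project code).

Assumptions: a constructed log format (timestamp host method url user-agent),
a constructed host inventory, and assumed thresholds. GRIDTIDE's real request
shapes are not published on the page this accompanies.
"""
from __future__ import annotations

import base64
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample log. billing-db-02 polls the same range every ~5 minutes
# from curl after a token POST; laptop-alice is an analyst using Sheets by hand.
SAMPLE_LOG = """\
2026-02-20T09:00:01Z billing-db-02 POST https://oauth2.googleapis.com/token curl/7.88.1
2026-02-20T09:00:02Z billing-db-02 GET https://sheets.googleapis.com/v4/spreadsheets/1aBcD/values/Sheet1!A1:B20 curl/7.88.1
2026-02-20T09:05:02Z billing-db-02 GET https://sheets.googleapis.com/v4/spreadsheets/1aBcD/values/Sheet1!A1:B20 curl/7.88.1
2026-02-20T09:10:03Z billing-db-02 GET https://sheets.googleapis.com/v4/spreadsheets/1aBcD/values/Sheet1!A1:B20 curl/7.88.1
2026-02-20T09:15:01Z billing-db-02 PUT https://sheets.googleapis.com/v4/spreadsheets/1aBcD/values/Sheet1!C1 curl/7.88.1
2026-02-20T09:20:02Z billing-db-02 GET https://sheets.googleapis.com/v4/spreadsheets/1aBcD/values/Sheet1!A1:B20 curl/7.88.1
2026-02-20T09:01:10Z laptop-alice GET https://docs.google.com/spreadsheets/d/9zYxW/edit Mozilla/5.0
2026-02-20T09:03:44Z laptop-alice GET https://sheets.googleapis.com/v4/spreadsheets/9zYxW/values/Q1!A1:Z100 Mozilla/5.0
2026-02-20T09:31:59Z laptop-alice GET https://sheets.googleapis.com/v4/spreadsheets/9zYxW/values/Q1!A1:Z100 Mozilla/5.0
2026-02-20T09:52:07Z laptop-alice POST https://sheets.googleapis.com/v4/spreadsheets/9zYxW:batchUpdate Mozilla/5.0
"""

# Assumed inventory: servers on which nobody should be driving Google Sheets.
SERVER_HOSTS = {"billing-db-02"}


def find_sheets_beacons(log_text: str, server_hosts: set[str],
                        min_requests: int = 4, max_cv: float = 0.25) -> dict[str, list[str]]:
    """Return {host: [reasons]} for hosts whose Sheets API traffic looks like C2 polling.

    A host is flagged when it makes at least min_requests calls to the Sheets API
    with a low coefficient of variation (stdev/mean) in the gaps between them.
    Token posts, non-browser user agents, and server membership add context.
    """
    sheets_times: dict[str, list[datetime]] = defaultdict(list)
    token_posts, non_browser = set(), set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, method, url, ua = line.split(maxsplit=4)
        u = urlparse(url)
        if u.hostname == "oauth2.googleapis.com" and u.path == "/token" and method == "POST":
            token_posts.add(host)
        if u.hostname == "sheets.googleapis.com":
            sheets_times[host].append(datetime.fromisoformat(ts.replace("Z", "+00:00")))
            if not ua.startswith("Mozilla/"):
                non_browser.add(host)

    findings: dict[str, list[str]] = {}
    for host, times in sheets_times.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean > 0 else float("inf")
        if cv > max_cv:
            continue  # bursty, human-looking access
        reasons = [f"{len(times)} Sheets API calls every ~{mean:.0f}s (cv={cv:.2f})"]
        if host in token_posts:
            reasons.append("preceded by POST oauth2.googleapis.com/token (service-account style login)")
        if host in non_browser:
            reasons.append("non-browser user agent on the Sheets API")
        if host in server_hosts:
            reasons.append("host is a server with no expected Sheets use")
        findings[host] = reasons
    return findings


# Markers that make decoded cell text look like a shell command (assumed list).
SHELL_MARKERS = re.compile(r"\$\(|\|\s*(?:sh|bash|base64)\b|/bin/(?:ba)?sh|\b(?:curl|wget|chmod)\b")


def decode_suspect_cell(value: str) -> str | None:
    """Return decoded text if a cell holds base64 that decodes to shell-like text, else None."""
    value = value.strip()
    if len(value) < 8 or not re.fullmatch(r"[A-Za-z0-9+/=\s]+", value):
        return None
    try:
        text = base64.b64decode(value).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # bad padding / not UTF-8
        return None
    if not all(ch.isprintable() or ch in "\n\t" for ch in text):
        return None
    return text if SHELL_MARKERS.search(text) else None


# Constructed cell values: two benign, one base64-wrapped command.
SAMPLE_CELLS = ["Q1 revenue", "2048", base64.b64encode(b"echo $(id) | base64").decode()]


def scan_cells(cells: list[str]) -> list[tuple[str, str]]:
    """Return (cell, decoded_text) pairs for cells that decode to shell-like text."""
    return [(c, d) for c in cells if (d := decode_suspect_cell(c)) is not None]


if __name__ == "__main__":
    for host, reasons in find_sheets_beacons(SAMPLE_LOG, SERVER_HOSTS).items():
        print(host, "->", "; ".join(reasons))
    for cell, decoded in scan_cells(SAMPLE_CELLS):
        print(f"cell {cell!r} decodes to {decoded!r}")
```

The beacon check is the part that survives a change of tooling: whatever the backdoor is, regular polling of a SaaS API from a host that has no business doing so, over a token obtained with a private key rather than a user login, stands out once the proxy logs are grouped per host. The cell heuristic only helps where the defender can read the spreadsheet contents (for example through Workspace audit exports), and a real deployment would tune `SHELL_MARKERS` and `max_cv` to its own traffic.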
Google, Mandiant, and their partners took coordinated action to disrupt the campaign. They terminated all Google Cloud projects linked to UNC2814, disabled infrastructure, revoked Sheets API access, and sinkholed domains. Affected organizations were notified directly and provided support for remediation. Despite these efforts, experts warn that UNC2814 is likely to resume operations with new infrastructure in the near future.
This campaign highlights how espionage operators increasingly route C2 through SaaS platforms, so that their traffic passes controls that trust well-known cloud domains and that domain- or IP-based blocking cannot stop. The abuse of a legitimate service such as the Google Sheets API means detection has to rest on behaviour (which hosts talk to the API, how often, and with what credentials) rather than on destination alone. For readers responsible for defending networks, understanding how such campaigns operate is the first step to protecting sensitive data and infrastructure.
The incident also raises concerns about the global scale of cyber espionage and its potential impact on national security and private sector operations. As threat actors
Originally published on Bleeping Computer on 2/25/2026