Google says it's disrupted a super-serious 'global espionage campaign' that uses *checks notes* Google Sheets to covertly intercept telecoms data
PC Gamer
by Andy Edser February 26, 2026
AI-Generated Deep Dive Summary
Google has disrupted a sophisticated global espionage campaign targeting telecommunications and government organizations across more than 70 countries. The operation, named Gridtide, involved the use of Google Sheets as a communication channel for malicious activities, including data exfiltration and command execution. The threat actors, suspected to be linked to China, exploited API calls to disguise their traffic as legitimate activity, leveraging Sheets to establish a backdoor into targeted systems.
The campaign utilized a C-based backdoor embedded in a Google Sheet file, which was used to collect system information from infected endpoints. This data, including usernames, IP addresses, and OS details, was stored in specific cells within the spreadsheet. The attackers also employed a 16-byte cryptographic key stored in a separate file to gain unauthorized access to affected systems. Once established, the backdoor allowed for the transmission of shell commands and the extraction of sensitive data, potentially enabling surveillance on individuals and communications.
While Google did not directly observe stolen data during this particular campaign, historical evidence suggests that similar operations have led to the theft of call records, SMS messages, and the compromise of lawful intercept systems. The use of Sheets as a high-availability command-and-control platform highlights the threat actors' ability to exploit seemingly innocuous tools for malicious purposes.
This incident underscores the serious risks posed by state-sponsored espionage campaigns, particularly those targeting critical infrastructure like telecommunications networks. For readers interested in gaming and PC security, this story illustrates the importance of robust cybersecurity measures to protect against sophisticated threats that can exploit even everyday tools like spreadsheets. The global scale of Gridtide emphasizes the need for vigilance in detecting and mitigating such intrusions, which could have far-reaching implications for privacy and national security.
The disruption of Gridtide marks a significant victory for Google's Threat Intelligence Group, which collaborated with partners to neutralize the campaign. However, the operation also serves
Verticals
gamingpc
Originally published on PC Gamer on 2/26/2026