CORRECTED-Google disrupts Chinese-linked hackers that attacked 53 groups globally

Reuters02-25 19:00
CORRECTED-Google disrupts Chinese-linked hackers that attacked 53 groups globally

Corrects spelling of Charley in the sixth paragraph.

Google disrupts Chinese-linked hacking group UNC2814's global operations

Hacking group accessed 53 organizations across 42 countries, Google says

Google Sheets used by hackers to evade detection

By AJ Vicens

Feb 25 (Reuters) - Google disrupted a Chinese-linked hacking group that breached at least 53 organizations across 42 countries, the company said Wednesday.

The hacking group, tracked as UNC2814 and "Gallium,” has a nearly decade-long history of penetrating government organizations and telecommunications companies, the company said in findings shared exclusively with Reuters.

“This was a vast surveillance apparatus used to spy on people and organizations throughout the world,” John Hultquist, chief analyst with Google Threat Intelligence Group, said.

Google GOOGL.O and unnamed partners terminated Google Cloud projects controlled by the hacking group, identified and disabled internet infrastructure it was using and disabled accounts the group used to access Google Sheets, which it used to carry out its targeting and data theft operations.

Using Google Sheets allowed the group to evade detection and blend into normal network traffic and was not a compromise of any Google product, the company added.

Charley Snyder, senior manager of Google Threat Intelligence Group, said the group had confirmed access to 53 unnamed entities across the 42 countries, with potential access in at least 22 more countries at the time of disruption.

Snyder declined to identify the compromised entities, but said in one case the group had installed a backdoor Google calls “GRIDTIDE” on a system containing full names, phone numbers, dates of birth, place of birth, voter ID and national ID numbers.

The targeting is consistent with efforts to identify and track select targets, the company said. “Similar campaigns have been used to exfiltrate call data records, monitor SMS messages, and to even monitor targeted individuals through the telco’s lawful intercept capabilities.”

Chinese Embassy spokesperson Liu Pengyu said in a statement that "cyber security is a common challenge faced by all countries and should be addressed through dialogue and cooperation.

"China consistently opposes and combats hacking activities in accordance with the law, and at the same time firmly rejects attempts to use cyber security issues to smear or slander China."

The activity is distinct from separate high-profile, telecommunications-focused Chinese hacking activity tracked as “Salt Typhoon,” Google said. That campaign, which the U.S. government has linked to China, targeted hundreds of U.S. organizations and prominent U.S. political figures.

(Reporting by AJ Vicens in Detroit; Editing by Stephen Coates)

((a.j.vicens@tr.com; +1 651 263 1318))

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Comments

We need your insight to fill this gap
Leave a comment