Google Dismantles Chinese-Linked Hackers Targeting 53 Orgs in 42 Nations

SAN FRANCISCO — Google disclosed Wednesday that it thwarted a Chinese-affiliated hacking operation, dubbed UNC2814 or “Gallium,” that infiltrated at least 53 organizations, primarily governments and telecom firms, across 42 countries over nearly a decade.

The group ran a sprawling surveillance network to monitor individuals and entities worldwide, according to John Hultquist, chief analyst at Google Threat Intelligence. Google, alongside partners, shut down the hackers’ Google Cloud projects, severed their internet infrastructure, and deactivated accounts that abused Google Sheets for stealthy targeting and data exfiltration. The hackers did this without breaching any Google products.

Charley Snyder, senior manager at the unit, confirmed access to 53 entities and possible access in 22 more countries. In one instance, intruders deployed a backdoor named “GRIDTIDE” on a system holding sensitive data such as full names, phone numbers, birth details, voter IDs, and national IDs. The activity matches patterns of espionage aimed at extracting call records and SMS traffic and at leveraging telco intercept tools.

China’s Embassy spokesperson Liu Pengyu countered that Beijing opposes hacking, combats it legally, and decries accusations as smears, urging global cybersecurity dialogue. Google stressed that this operation differs from the US-blamed “Salt Typhoon” campaign, which hit US telecoms and politicians.