The Google Threat Intelligence Group, in collaboration with Mandiant, has successfully disrupted the GRIDTIDE global cyber espionage campaign led by the cyber actor UNC2814, associated with the People's Republic of China. This campaign primarily targeted telecommunications and government organizations across 42 countries. Key actions taken include terminating Google Cloud projects used by the attackers, disabling their infrastructure, and releasing indicators of compromise (IOCs) for better detection.
The GRIDTIDE backdoor used by UNC2814 disguised its malicious traffic by leveraging Google Sheets, which allowed sophisticated command-and-control communication. Historical data indicates that the threat actor has a track record of surveillance and espionage, specifically focusing on personally identifiable information for tracking individuals of interest.