Google announced on Wednesday (February 25th) that the company has dismantled a hacking organization related to the Chinese Communist Party. This organization had infiltrated 53 institutions in at least 42 countries.
According to Reuters, Google’s investigation, shared exclusively with the outlet, revealed that the group tracked as UNC2814, also known as “Gallium,” had a nearly decade-long history of penetrating government agencies and telecommunications companies.
“This is a massive surveillance apparatus used to monitor individuals and organizations worldwide,” said John Hultquist, Chief Analyst of Google Threat Intelligence Group.
Google and its unnamed partners terminated the Google Cloud project controlled by this hacking organization, identified and disabled the network infrastructure it used, and blocked the accounts the organization used to access Google Sheets. The organization had used these spreadsheets to carry out target selection and data theft operations.
The company added that using Google Sheets allowed the organization to evade detection and blend in with normal network traffic, emphasizing that this did not involve a security vulnerability in any Google product.
Charlie Snyder, Senior Manager of Google Threat Intelligence Group, stated that the organization had been confirmed to have accessed 53 entities in 42 countries, and when the operation was disrupted, it might have also infiltrated at least another 22 countries.
Snyder declined to disclose the identities of the affected entities but mentioned that in one case the hackers had installed a backdoor called “GRIDTIDE” on a system that contained names, phone numbers, birthdates, birthplaces, voter IDs, and national ID numbers.
Google stated that these targeted attacks aligned with attempts to identify and track specific targets. “Similar actions have been used to steal call detail records (CDRs), monitor SMS messages, and even monitor specific individuals through the legitimate interception functions of telecommunications companies.”
Chinese Embassy spokesperson Liu Pengyu responded to Reuters by stating opposition to attempts to “slander or defame” China using cybersecurity issues.
Google clarified that this operation was distinct from another highly publicized hacking campaign by the Chinese Communist Party targeting the telecommunications sector known as “Salt Typhoon.” The latter has been associated with both the U.S. government and the Chinese Communist Party, targeting hundreds of U.S. institutions and important figures in American politics.
This is not Google’s only recent action. In January of this year, with court authorization, Google dismantled a large residential proxy network called IPIDEA that was related to the Chinese Communist Party. This network controlled millions of personal devices globally (such as routers and smart devices) as “hops,” allowing hackers to hide their real IP addresses during network attacks or data theft, so that their activity appeared to be normal user traffic from ordinary households.
