Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

• Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries.
• “This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,” Google Threat Intelligence Group (GTIG) and Mandiant said in a report published today.
• UNC2814 is also suspected to be linked to additional infections in more than 20 other nations.
• The threat actor, which the tech giant has been tracking since 2017, has been observed using API calls to communicate with software-as-a-service (SaaS) apps as command-and-control (C2) infrastructure.
• The idea, it added, is to disguise their malicious traffic as benign.
• Central to the hacking group’s operations is a novel backdoor dubbed GRIDTIDE that abuses the Google Sheets API as a communication channel to disguise C2 traffic and facilitate the transfer of raw data and shell commands.

Sources: