The China-linked group, known as UNC2814 and “Gallium,” has a nearly decade-long history of breaking into the systems of government organizations and telecoms, Google said in findings shared exclusively with Reuters on Wednesday (Feb. 25).
“This was a vast surveillance apparatus used to spy on people and organizations throughout the world,” John Hultquist, chief analyst with Google Threat Intelligence Group (GTIG), said.
According to the report, Google and its partners shut down Google Cloud projects controlled by the hackers, while also disabling the group’s internet infrastructure and the accounts it was using to access Google Sheets. Google Sheets, the company added, allowed the hackers to escape detection and blend into regular network traffic.
Charley Snyder, senior manager of Google Threat Intelligence Group, told Reuters the group had access to 53 unnamed entities across 42 countries, and potential access in at least 22 more at the time of disruption.
The report includes comments from Chinese Embassy spokesperson Liu Pengyu, who said that “cyber security is a common challenge faced by all countries and should be addressed through dialogue and cooperation.”
“China consistently opposes and combats hacking activities in accordance with the law, and at the same time firmly rejects attempts to use cyber security issues to smear or slander China,” the spokesperson added.
Last month, Google announced it had disrupted a network that sold bad actors the ability to direct internet traffic through consumer devices around the globe, which they could then use to conceal their illicit activities.
By hijacking IP addresses used to service residential or small business customers, the network made it harder for defenders to halt these malicious activities, GTIG said in a blog post.
In other cybersecurity news, PYMNTS spoke recently with Jeremiah Dewey, head of Cyber Solutions at Visa, who argued that security should be considered a “core business function” rather than a subset of business IT operations.
“The vast majority of fraud begins with a cyberattack,” said Dewey, interviewed for the “Visa Protect Series” hosted by PYMNTS.
He noted that fraud losses, false declines, customer attrition and reputational damage all stem from security failures. Preventing those failures might not show up as new revenue, the report added, but it can directly help foster growth.