Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
27.02.2026
19603
Google disrupts China-linked UNC2814 after 53 breaches in 42 countries using GRIDTIDE via Google Sheets API.
Google Just Nuked a Massive Chinese Cyber-Espionage Op
Google's Threat Analysis Group just dropped the hammer on UNC2814, a China-linked APT crew that's been running the GRIDTIDE campaign for years. These guys hit 53 orgs across 42 countries — talk about global reach.
The whole operation was slick: they weaponized Google Sheets API to exfiltrate data from compromised systems. Imagine your corporate secrets getting siphoned through a spreadsheet — that's next-level stealth.
Google's team tracked this crew for months before pulling the plug. They confirmed the China link through infrastructure analysis and TTPs that match known state-sponsored playbooks.
The disruption means UNC2814's command-and-control servers are toast. Google blocked their domains and shut down their cloud accounts — basically digital scorched earth.
This is part of Google's ongoing counter-APT ops. They're not just detecting threats anymore — they're actively dismantling them. Think of it as cyber-counterterrorism for the cloud era.
- • 53 confirmed breaches
- • 42 countries affected
- • China-linked UNC2814 group
- • GRIDTIDE campaign name
- • Google Sheets API exploitation
- • State-sponsored cyber-espionage
- • Google Threat Analysis Group response
#hack#state-sponsored hacks#cybersecurity#cyber espionage
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
