Google Takes Down Chinese-Linked Hacking Group Behind Global Breach
In a significant move against state-linked cyber threats, Google has disrupted a Chinese-linked hacking group that had breached at least 53 organizations across 42 countries. The group, tracked as UNC2814 and also known as "Gallium," has been linked to numerous attacks on government organizations and telecommunications companies over the past nine years.
According to John Hultquist, chief analyst at Google Threat Intelligence Group, the group was part of a vast surveillance apparatus used to spy on individuals and organizations worldwide. The actor used a range of tactics, including exploiting vulnerabilities in cloud services, to carry out its operations.
To disrupt the operation, Google and unnamed partners terminated cloud projects the group controlled, identified and disabled internet infrastructure it was using, and disabled the accounts it used to access Google Sheets. Routing activity through a ubiquitous, trusted service such as Google Sheets let the group's traffic blend into ordinary business traffic and evade detection, a common tactic among advanced threat actors.
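One way a defender can counter this blending tactic is to stop trusting the destination and instead look at the rhythm of the traffic: an automated implant checking in with a spreadsheet every few minutes looks nothing like a person opening one. The following is an added example, not code from the article or from Google. It runs a simple beaconing heuristic over constructed proxy log lines in an assumed three-field format (UTC timestamp, source host, destination host); the hostnames db-srv-07 and ws-alice, the log format, and the thresholds min_events and max_cv are all assumptions.

```python
"""Flag beacon-like traffic to a trusted SaaS endpoint in proxy logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (not from the article), one per request:
# "<ISO-8601 UTC timestamp> <source host> <destination host>".
# db-srv-07 is a hypothetical database server contacting Sheets every ~5 minutes;
# ws-alice is a hypothetical workstation whose user opens spreadsheets at human-paced,
# irregular times. Both hostnames are assumptions.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z db-srv-07 sheets.googleapis.com
2024-05-01T09:02:13Z ws-alice sheets.googleapis.com
2024-05-01T09:02:40Z ws-alice sheets.googleapis.com
2024-05-01T09:05:01Z db-srv-07 sheets.googleapis.com
2024-05-01T09:10:02Z db-srv-07 sheets.googleapis.com
2024-05-01T09:15:00Z db-srv-07 sheets.googleapis.com
2024-05-01T09:20:01Z db-srv-07 sheets.googleapis.com
2024-05-01T09:25:03Z db-srv-07 sheets.googleapis.com
2024-05-01T09:29:59Z db-srv-07 sheets.googleapis.com
2024-05-01T09:31:05Z ws-alice sheets.googleapis.com
2024-05-01T09:35:01Z db-srv-07 sheets.googleapis.com
2024-05-01T10:15:22Z ws-alice sheets.googleapis.com
2024-05-01T11:48:09Z ws-alice sheets.googleapis.com
2024-05-01T13:02:50Z ws-alice sheets.googleapis.com
2024-05-01T13:03:10Z ws-alice sheets.googleapis.com
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst) tuples; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, parts[1], parts[2]))
    return events


def find_beacons(text, min_events=6, max_cv=0.1):
    """Return {"src -> dst": stats} for pairs whose inter-request intervals are nearly constant.

    max_cv is a threshold on the coefficient of variation (stdev / mean) of the intervals:
    scheduled check-ins sit near 0, while human browsing is usually well above 0.5.
    min_events avoids judging a pair on too few samples. Both are assumed values to be
    tuned against a local baseline.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_pair[(src, dst)].append(ts)

    hits = {}
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()  # logs are not guaranteed to arrive in time order
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # only duplicate timestamps; no rhythm to measure
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            hits[f"{src} -> {dst}"] = {"count": len(stamps), "mean_interval_s": avg, "cv": cv}
    return hits


if __name__ == "__main__":
    for pair, stats in find_beacons(SAMPLE_LOG).items():
        print(f"{pair}: {stats['count']} requests, roughly every "
              f"{stats['mean_interval_s']:.0f}s (cv={stats['cv']:.3f})")
```

On the constructed sample the server's 8 evenly spaced requests are flagged and the workstation's 7 irregular ones are not, even though both talk to the same allowlisted destination. The point of the design is that a destination-based allowlist is exactly what this tactic defeats, so the detection keys on timing per source host and on whether a host of that role has any business touching the service at all.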
At the time of disruption, the group had confirmed access to 53 unnamed entities across 42 countries, with potential access in at least 22 more countries.
While details of the compromised organizations have not been publicly disclosed, the group reportedly installed a backdoor on a system holding sensitive personal data, including full names, phone numbers, dates and places of birth, voter IDs, and national ID numbers.
The targeting is consistent with efforts to identify and track selected individuals, including exfiltrating call data records, monitoring SMS messages, and tracking targets through telecommunications providers' lawful-intercept capabilities.
In response to the incident, Chinese Embassy spokesperson Liu Pengyu stated that "cyber security is a common challenge faced by all countries and should be addressed through dialogue and cooperation," adding that China consistently opposes and combats hacking activities in accordance with the law and firmly rejects attempts to use cyber security issues to smear or slander China.
This incident is distinct from the separate, telecommunications-focused Chinese hacking activity tracked as "Salt Typhoon," which targeted hundreds of US organizations and prominent US political figures.
In conclusion, Google's disruption of the group marks an important step in combating global cyber threats. As threat actors continue to evolve and adapt their tactics, organizations and governments need to share intelligence and best practices to stay ahead of them.
Key Takeaways:
- A Chinese-linked hacking group was disrupted by Google.
- The group, tracked as UNC2814 and also known as "Gallium," has a history of breaching government organizations and telecommunications companies.
- Google terminated cloud projects controlled by the group, disabled internet infrastructure, and disabled accounts used to access Google Sheets.
- The group had confirmed access to 53 unnamed entities across 42 countries, with potential access in at least 22 more countries.