Chinese Cyberspies Used Google Sheets to Target Telecoms
🔐 Google’s Threat Intelligence Group, Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese actor tracked as UNC2814 that infiltrated telecom firms and government agencies across dozens of countries. The actor deployed a new C-based backdoor named GRIDTIDE that abused the Google Sheets API for covert command-and-control, authenticating with a hardcoded service account key and polling spreadsheet cells for instructions. GRIDTIDE supports execution, upload and download commands via URL-safe Base64 exchanges and hides output in sheet cells; Google and partners disabled cloud projects, revoked API access, sinkholed domains, and offered victim support.
