Google interrupts action by Chinese hacker group that used spreadsheets to steal data from telephone operators in Brazil

by Marcelo Moreira

A Chinese hacker group that invaded government and company systems in at least 42 countries through services such as online spreadsheets was dismantled after operating for almost ten years, Google revealed last Wednesday (25). Known as UNC2814 or Gallium, the group managed to access sensitive data from Brazilian telecommunications operators in one of its attacks, Google said. The company did not reveal which operators were affected.

According to the investigation, some of the Brazilian systems stored data such as full name, telephone number, date and place of birth, as well as identity and voter registration numbers. Not all attacks led to data theft, but Google indicated that the hacking group was also able to monitor call logs and SMS messages on carrier systems.

“Historically, this focus on sensitive communications has been intended to enable surveillance of individuals and organizations, particularly dissidents and activists, as well as traditional espionage targets,” Google said. The analysis was carried out by the Google Threat Intelligence Group (GTIG), by Mandiant, the company’s cybersecurity subsidiary, and by unidentified partners.

[Image: Google dismantled Chinese hacker group that invaded operator systems in Brazil. Credit: Andrew Kelly/Reuters; Altieres Rohr/g1]

Google’s intelligence sector has been monitoring UNC2814 since 2017 and estimates that, in addition to the confirmed targets, the hacker group has invaded systems in 20 other countries.

The analysis showed that the group infiltrated devices through known flaws in communication between the internal network and the internet. The attackers then inserted malicious files to gain full control over the machine and communicate with a command and control center. One of them, called Gridtide, allowed the connection between the victim’s device and Google Sheets. Online spreadsheets functioned as a communication channel in which attackers sent orders to the malicious file through code and monitored attacks.

“This activity is not the result of a security vulnerability in Google products. Instead, it abuses legitimate Google Sheets API functionality to disguise command and control traffic,” Google said. The company further stated that the hackers did not compromise the security of Google products, but used online spreadsheets so that their illegal activity would not be detected and their network traffic would mix with that of legitimate users. Therefore, the company decided to close the hacker group’s projects and deactivated the accounts used to access the files.

The Chinese embassy in the United States told Google that cybersecurity is a challenge for all countries and must be addressed through dialogue and cooperation. “China consistently opposes and combats hacking activities in accordance with the law, and at the same time firmly rejects attempts to use cybersecurity issues to defame or slander China,” the embassy said in a statement.
