Google said Wednesday that it has intervened to halt the activities of a hacking group the company calls UNC2814. According to Google, the group had gained access to 53 organizations distributed across 42 countries before the company’s action interrupted its operations.
In its statement, Google said UNC2814 used Google Sheets as a tool to conceal malicious behavior and to make detection more difficult. The company described this tactic as an attempt to hide harmful activity within an otherwise legitimate cloud-based service, complicating identification by defensive systems.
Google identified the group as having links to China, but the company did not disclose specific information about the nature of those links. Similarly, Google has not released the names of the 53 organizations or indicated which sectors were affected.
The reach of the campaign - 53 organizations across 42 countries - indicates that the activity touched multiple continents. Beyond noting the geographic spread and the use of Google Sheets, Google’s public comments did not include further operational details about UNC2814 or its victims.
Because Google limited its disclosures, many questions remain open. The company’s announcement confirms the group’s global presence and the use of cloud productivity tools in its operations, but it stops short of providing a breakdown of targeted industries, the extent of data accessed, or the duration of the intrusions.
Security teams and affected organizations may need additional information to assess potential exposure. For now, Google’s intervention is presented as having halted the group’s activity, and the company’s public statements do not indicate ongoing operations by UNC2814 following the disruption.
Summary
Google disrupted UNC2814, a hacking group it links to China, after the group accessed 53 organizations in 42 countries and used Google Sheets to evade detection. Google has not disclosed which organizations or sectors were targeted.
Key points
- Google announced Wednesday it disrupted the operations of UNC2814, which had accessed 53 organizations across 42 countries.
- The group used Google Sheets to mask malicious activity within a legitimate cloud service, complicating detection.
- Google described UNC2814 as having Chinese links but did not disclose details about the nature of those connections or the identities of targeted organizations.
Risks and uncertainties
- Limited public detail from Google creates uncertainty about which sectors and organizations were affected, which may impede assessments by security teams and stakeholders.
- The use of mainstream cloud productivity tools as a concealment method suggests detection challenges for organizations that rely on similar services.
- Google has not provided specifics on the extent of data access or the duration of intrusions, leaving open questions about potential residual exposure.