
Disrupting the GRIDTIDE Global Cyber Espionage Campaign

Published 26/02/2026 11:04 · Modified 26/02/2026 12:59


Essential information

Tags
2026-02-26 api abuse backdoor china cyber espionage google sheets government gridtide telecommunications
Related entities
18 observables, 1 intrusion sets (apt), 1 malware, 174 others

Description

A global espionage campaign targeting and organizations across four continents has been disrupted. The threat actor, UNC2814, is suspected to be linked to and has been active since 2017. The campaign utilized a sophisticated called , which leveraged API for command and control. The attackers compromised 53 victims in 42 countries, with suspected infections in 20 more. 's capabilities include executing shell commands, file transfers, and evading detection by disguising traffic as legitimate cloud API requests. The disruption involved terminating attacker-controlled cloud projects, disabling infrastructure, and revoking API access.
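The description notes that the backdoor hid its command and control inside what looked like ordinary Google Sheets API traffic. The following script is an added example, not code from the original report or from any tool it describes, showing one way a defender might hunt for that pattern in egress proxy logs: it flags Sheets API connections from processes that have no business talking to spreadsheets, from server hosts, and from clients that poll the API at machine-regular intervals. The log format, the allow-list of expected processes, the `srv-` host naming convention, the sample log lines and the thresholds are all assumptions constructed for the example; `sheets.googleapis.com` is the real Google Sheets API endpoint.

```python
"""
Heuristic hunt for backdoor-style use of the Google Sheets API in proxy logs.
Added example (not from the original report); log format, allow-list, host
naming and thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

SHEETS_API_HOST = "sheets.googleapis.com"  # real Google endpoint
# Assumed allow-list: processes expected to reach the Sheets API from workstations.
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "excel.exe"}
# Assumed naming convention: hosts starting with "srv-" are servers, which
# have no legitimate reason to read spreadsheets.
SERVER_PREFIX = "srv-"
MIN_REQUESTS_FOR_BEACON = 4   # need several intervals before judging regularity
MAX_INTERVAL_CV = 0.10        # coefficient of variation below this = machine-like

# Constructed sample proxy log: "<iso time> <src_host> <process> <dest_host> <method> <bytes_out>"
SAMPLE_LOG = """\
2026-02-26T09:00:00 ws-alice chrome.exe sheets.googleapis.com GET 512
2026-02-26T09:00:05 srv-db01 svchost.exe sheets.googleapis.com GET 310
2026-02-26T09:01:05 srv-db01 svchost.exe sheets.googleapis.com GET 311
2026-02-26T09:02:05 srv-db01 svchost.exe sheets.googleapis.com PUT 2048
2026-02-26T09:03:05 srv-db01 svchost.exe sheets.googleapis.com GET 309
2026-02-26T09:04:05 srv-db01 svchost.exe sheets.googleapis.com GET 310
2026-02-26T09:07:30 ws-bob excel.exe sheets.googleapis.com GET 4096
2026-02-26T09:12:00 ws-alice chrome.exe sheets.googleapis.com GET 1500
2026-02-26T09:15:00 ws-carol updater.exe sheets.googleapis.com GET 300
2026-02-26T09:16:00 ws-carol chrome.exe www.example.com GET 900
"""


def parse_log(text):
    """Yield (timestamp, src_host, process, dest_host, method, bytes_out) per line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, proc, dest, method, size = line.split()
        yield datetime.fromisoformat(ts), src, proc, dest, method, int(size)


def interval_cv(timestamps):
    """Coefficient of variation of the gaps between consecutive requests."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else float("inf")


def analyze(log_text):
    """Return {(src_host, process): sorted list of finding names} for Sheets API traffic."""
    sessions = defaultdict(list)
    for ts, src, proc, dest, _method, _size in parse_log(log_text):
        if dest == SHEETS_API_HOST:
            sessions[(src, proc)].append(ts)

    findings = {}
    for (src, proc), stamps in sessions.items():
        hits = set()
        if proc not in EXPECTED_PROCESSES:
            hits.add("unexpected_process")   # e.g. a system/updater binary reading spreadsheets
        if src.startswith(SERVER_PREFIX):
            hits.add("server_origin")        # servers should not consume the Sheets API
        stamps.sort()
        if len(stamps) >= MIN_REQUESTS_FOR_BEACON and interval_cv(stamps) < MAX_INTERVAL_CV:
            hits.add("beacon")               # fixed-cadence polling looks like a C2 check-in
        if hits:
            findings[(src, proc)] = sorted(hits)
    return findings


if __name__ == "__main__":
    for (host, proc), hits in analyze(SAMPLE_LOG).items():
        print(f"{host:10} {proc:14} {', '.join(hits)}")
```

Browser sessions that open a spreadsheet a couple of times an hour pass cleanly, while the server process polling every 60 seconds trips all three heuristics at once. In practice the allow-list and the cadence threshold should be tuned against a baseline of your own environment's traffic, and a hit is a lead for triage rather than a verdict.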

External references