Google Stops Chinese-Linked Hackers Targeting 53 Global Groups

Reuters | February 25, 2026 at 11:13 AM UTC

Key Points

  • The hacking group had a nearly decade-long history; it accessed sensitive data including full names, phone numbers, and national ID numbers, and used telcos' lawful intercept capabilities to monitor SMS messages and call records
  • Hackers exploited Google Sheets to blend into normal network traffic and evade detection, though this was not a compromise of any Google product
  • This campaign is separate from the 'Salt Typhoon' operation that targeted hundreds of U.S. organizations and prominent political figures; China denied the allegations and rejected attempts to use cybersecurity issues to 'smear or slander' the country

AI Summary

Key Development: Google has disrupted operations of UNC2814 (also known as "Gallium"), a Chinese-linked hacking group that breached at least 53 organizations across 42 countries. The group has conducted surveillance operations for nearly a decade, primarily targeting government organizations and telecommunications companies.

Operational Details: The hackers utilized Google Sheets to evade detection and blend into normal network traffic, though Google emphasized this was not a product compromise. Google, along with unnamed partners, terminated Google Cloud projects controlled by the group, disabled their internet infrastructure, and shut down accounts used to access Google Sheets. At the time of disruption, the group potentially had access to entities in at least 22 additional countries.

Data Compromised: In one confirmed case, hackers installed a backdoor called "GRIDTIDE" on systems containing sensitive personal information including full names, phone numbers, birth dates, voter IDs, and national ID numbers. Similar campaigns have been used to steal call data records, monitor SMS messages, and exploit lawful intercept capabilities at telecommunications providers.

Official Response: John Hultquist, chief analyst with Google Threat Intelligence Group, described it as "a vast surveillance apparatus used to spy on people and organizations throughout the world." The Chinese Embassy denied the allegations, stating China "consistently opposes and combats hacking activities" and rejects attempts to "smear or slander China."

Context: Google clarified this activity is separate from the "Salt Typhoon" campaign, another high-profile Chinese hacking operation that U.S. authorities confirmed targeted hundreds of U.S. organizations and prominent political figures.
