Chinese cyberspies, tracked as UNC2814 by Google, have been sneaking into telecom and government networks worldwide since at least 2023, hitting 53 orgs in 42 countries and likely more. They masked their attacks with innocent-looking SaaS API calls: think Google Sheets as a sneaky command hub. They deployed a slick new backdoor called GRIDTIDE, which authenticates with a hardcoded key and wipes and repurposes spreadsheets for covert ops like running commands, uploading files, and exfiltrating data in bite-sized chunks to dodge detection tools. The malware even polled for instructions every second before chilling out to avoid tipping off security pros. In one instance it lurked on a machine holding sensitive PII, though actual theft wasn't confirmed. Google, Mandiant, and allies just slammed the brakes on this campaign by nuking the bad guys' cloud projects and infrastructure, notifying affected outfits, and sharing detection rules. But don't get comfy: these spies will probably pop up with fresh tricks soon, so SMBs and MSPs should audit their API access and edge systems pronto to stay one step ahead.
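For the API-access audit, here is a defender-side check for the every-second polling described above. It is an added example, not Google's or Mandiant's published detection rules: it flags sources that hit the Sheets API at a short, regular interval. The log format, hostnames, timestamps and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

SHEETS_API_HOST = "sheets.googleapis.com"

# Constructed sample proxy log (assumed format: timestamp source destination).
SAMPLE_LOG = """\
2025-01-10T09:00:00 edge-gw-01 sheets.googleapis.com
2025-01-10T09:00:01 edge-gw-01 sheets.googleapis.com
2025-01-10T09:00:02 edge-gw-01 sheets.googleapis.com
2025-01-10T09:00:02 analyst-ws-07 sheets.googleapis.com
2025-01-10T09:00:03 edge-gw-01 sheets.googleapis.com
2025-01-10T09:00:03 analyst-ws-07 sheets.googleapis.com
2025-01-10T09:00:04 edge-gw-01 sheets.googleapis.com
2025-01-10T09:00:05 edge-gw-01 sheets.googleapis.com
2025-01-10T09:01:10 analyst-ws-07 sheets.googleapis.com
2025-01-10T09:04:30 analyst-ws-07 sheets.googleapis.com
2025-01-10T09:04:31 analyst-ws-07 sheets.googleapis.com
2025-01-10T09:09:00 analyst-ws-07 sheets.googleapis.com
truncated-line-without-fields
"""

def find_sheets_pollers(log_text, min_requests=6, max_median_gap=5.0, max_jitter=1.0):
    """Return {source: median gap in seconds} for hosts polling the Sheets API
    at a short, regular interval (machine-like rather than human-driven)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != SHEETS_API_HOST:
            continue  # malformed line or unrelated destination
        try:
            times[parts[1]].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue  # unparseable timestamp
    flagged = {}
    for src, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if median(gaps) <= max_median_gap and pstdev(gaps) <= max_jitter:
            flagged[src] = median(gaps)
    return flagged

if __name__ == "__main__":
    print(find_sheets_pollers(SAMPLE_LOG))
```

Since the polling reportedly slowed after the initial one-second cadence, a fixed short-gap threshold only catches the early phase. Pair it with a check for servers and edge devices that have no business reason to call the Sheets API at all.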