Google halts global Chinese-linked cyber espionage operation

Google said on Wednesday that it disrupted a Chinese-linked hacking group responsible for breaching at least 53 organisations in 42 countries.

The group, identified as UNC2814 and Gallium, has spent nearly a decade targeting government bodies and telecommunications firms, the company told Reuters.

The chief analyst of Google Threat Intelligence Group, John Hultquist, said, “This was a vast surveillance apparatus used to spy on people and organisations throughout the world.”

Google and its unnamed partners terminated the hacking group’s Google Cloud projects, took down its internet infrastructure, and disabled the accounts it used on Google Sheets to conduct targeting and data theft operations.

Google said the group used Google Sheets to avoid detection and mimic normal network activity, emphasizing that no Google product was actually compromised.

Charlie Snyder, senior manager of Google’s Threat Intelligence Group, stated that the group had gained confirmed access to 53 unnamed organisations across 42 countries, with possible access in at least 22 additional countries at the time of its disruption.

He did not reveal the identities of the affected organisations but noted that in one case, the group had installed a backdoor, dubbed GRIDTIDE by Google, on a system storing full names, phone numbers, birth details, voter IDs, and national ID numbers.

However, Google said this activity is separate from another high-profile Chinese hacking campaign targeting the telecommunications sector, known as Salt Typhoon.