This is your Red Alert: China's Daily Cyber Moves podcast.
Hey listeners, Ting here, your go-to cyber sleuth on all things China hacking chaos. Buckle up, because the past few days have been a red-hot frenzy of PRC cyber espionage slamming US targets and beyond—think telecoms turned spy hubs and Google Sheets as ninja command posts. Let's dive into the timeline that's got CISA and FBI on high alert.
It kicked off years ago, but UNC2814—this elusive China-linked crew Google's Threat Intelligence Group and Mandiant have tracked since 2017—ramped up big time. By early February 2026, they breached over 53 orgs in 42 countries, including US telecoms and government agencies, per Google's report dropped just yesterday. These hackers, also dubbed Gallium by some trackers, love edge systems like web servers for entry points. Their slick trick? GRIDTIDE backdoor malware that hijacks Google Sheets API for command-and-control. Picture this: malware pings cell A1 for orders, reports back by overwriting it, stashes recon in V1, and yoinks files from nearby cells. Pure genius—hides in legit SaaS traffic, evading firewalls like a ghost in the cloud. Google's own words: "Prolific intrusions of this scale are generally the result of years of focused effort."
Fast-forward to last week: Google and partners struck back, sinkholing UNC2814 domains, nuking their Cloud Projects, and notifying victims. They dropped IoCs from 2023 ops, updated malware sigs, and gave cloud customers hunt queries. But here's the US angle—CISA echoed warnings from Poland's energy hacks, urging critical infra to ditch default creds, enforce MFA on OT edges, segment IT/OT, and lock remote access. Singapore's four major telcos got hit in a mirror campaign, signaling China's telecom obsession for tracking persons of interest, much like Salt Typhoon but distinct.
New patterns? AI's the wildcard—China crews are LLM-jacking for phishing and recon, per Google, compressing breakout times to under 29 minutes as CrowdStrike's 2026 report blasts. Active threats: persistent GRIDTIDE access in US telcos could escalate to data dumps or disruptions, especially with Trump deferring China tech curbs, per lawmakers yesterday.
Defensive playbook, listeners: Hunt Google Sheets API abuse now, scan for GRIDTIDE IoCs via Google's queries, MFA everything, segment like your life's at stake. Escalation scenarios? If UNC2814 rebuilds—Google predicts they will—it pairs with OT footholds for blackouts or intel floods pre-geopolitical flare-ups, like those Middle East tensions.
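To make the "hunt Google Sheets API abuse" advice concrete, here is an added Python example (not code from the podcast, Google, or Mandiant) that scores egress proxy traffic to the Sheets API for the pattern described above: a non-browser process polling the same one or two cells of a single spreadsheet at a fixed cadence. The log line format, hostnames, user agents, and spreadsheet IDs are constructed placeholders; map the fields to whatever your proxy actually emits before using it.

```python
"""
Hunting Google Sheets API abuse in egress proxy logs (added example).

Heuristic: legitimate Sheets use comes from browsers and office apps at a
human, irregular cadence across many ranges. A backdoor that uses a sheet as
its command channel keeps polling the same cell(s) of one spreadsheet, from a
process that is not a browser, at a regular beacon interval.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed log format: <ISO time> <src host> "<user agent>" <method> <url>
LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+) (\S+)$')
# Sheets v4 "values" calls carry the spreadsheet ID and the cell range in the path
SHEET_RE = re.compile(r'/v4/spreadsheets/([^/]+)/values/([^?]+)')

BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/")
MIN_REQUESTS = 4          # too few calls to judge cadence
MIN_REGULAR_FRACTION = 0.6  # share of gaps within 10% of the median gap
MAX_DISTINCT_RANGES = 2   # a C2 client keeps touching the same few cells

# Constructed sample: ws-017 is a person editing a sheet in Chrome, ws-042 is a
# non-browser process polling cell A1 every 60 s and then writing A1 and V1
# (the cell layout the podcast attributes to GRIDTIDE), ws-099 is a one-off script.
SAMPLE_LOG = """\
2026-02-10T09:00:00Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/121.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_A/values/Sheet1!A1:D20
2026-02-10T09:03:41Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/121.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_A/values/Sheet1!A1:D20
2026-02-10T09:11:09Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/121.0" PUT https://sheets.googleapis.com/v4/spreadsheets/SHEET_A/values/Sheet1!B7
2026-02-10T09:29:52Z ws-017 "Mozilla/5.0 (Windows NT 10.0) Chrome/121.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_A/values/Sheet2!A1:F50
2026-02-10T09:00:05Z ws-042 "svc-upd/1.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_B/values/Sheet1!A1
2026-02-10T09:01:05Z ws-042 "svc-upd/1.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_B/values/Sheet1!A1
2026-02-10T09:02:05Z ws-042 "svc-upd/1.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_B/values/Sheet1!A1
2026-02-10T09:03:05Z ws-042 "svc-upd/1.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_B/values/Sheet1!A1
2026-02-10T09:04:05Z ws-042 "svc-upd/1.0" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_B/values/Sheet1!A1
2026-02-10T09:04:06Z ws-042 "svc-upd/1.0" PUT https://sheets.googleapis.com/v4/spreadsheets/SHEET_B/values/Sheet1!A1
2026-02-10T09:04:07Z ws-042 "svc-upd/1.0" PUT https://sheets.googleapis.com/v4/spreadsheets/SHEET_B/values/Sheet1!V1
2026-02-10T09:00:30Z ws-099 "python-requests/2.31" GET https://sheets.googleapis.com/v4/spreadsheets/SHEET_C/values/Sheet1!A1:Z100
2026-02-10T09:00:31Z ws-099 "python-requests/2.31" GET https://www.googleapis.com/drive/v3/files
"""


def parse_line(line):
    """Return a record for a Sheets 'values' call, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, ua, method, url = m.groups()
    s = SHEET_RE.search(url)
    if not s:
        return None  # not a Sheets values call (Drive, Gmail, ...): ignore
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host, "ua": ua, "method": method,
        "sheet": s.group(1), "range": s.group(2),
    }


def hunt_sheets_beacons(log_text):
    """Group Sheets calls by (host, user agent, spreadsheet) and score each group."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec["host"], rec["ua"], rec["sheet"])].append(rec)

    findings = []
    for (host, ua, sheet), recs in groups.items():
        if len(recs) < MIN_REQUESTS:
            continue
        recs.sort(key=lambda r: r["time"])
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(recs, recs[1:])]
        med = median(gaps)
        # Median-based regularity survives the short bursts that follow a command
        regular = sum(abs(g - med) <= 0.1 * med for g in gaps) / len(gaps)

        reasons = []
        if not any(mk in ua for mk in BROWSER_MARKERS):
            reasons.append("non-browser user agent")
        if regular >= MIN_REGULAR_FRACTION:
            reasons.append(f"regular cadence (~{med:.0f}s between calls)")
        if len({r["range"] for r in recs}) <= MAX_DISTINCT_RANGES:
            reasons.append("same few cells polled")
        if len(reasons) >= 2:  # any two signals together are worth an analyst's look
            findings.append({"host": host, "ua": ua, "sheet": sheet,
                             "requests": len(recs), "median_gap_s": med,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt_sheets_beacons(SAMPLE_LOG):
        print(f"{f['host']} -> {f['sheet']} ({f['requests']} calls, ua={f['ua']!r}): "
              + "; ".join(f["reasons"]))
```

The median-based cadence check is deliberate: a polling implant is very regular until it receives a command, then issues a quick burst of reads and writes, and a plain mean/standard-deviation test would let that burst mask the beacon. Run it over a day of proxy data and expect some noise from legitimate automation (sync tools, dashboards); the point is to surface hosts where a non-browser process is fixated on one spreadsheet so they can be checked.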
Stay vigilant, patch fast, and zero-trust your way to safety. Thanks for tuning in—subscribe for more cyber dirt! This has been a Quiet Please production, for more check out quietplease.ai.
This content was created in partnership with, and with the help of, artificial intelligence (AI).