Suspected Chinese Cyberespionage Operation Hits 53 Telecoms

Google Unmasks, Disrupts Group Using Sheets for Command-and-Control Purposes Mathew J. Schwartz (euroinfosec) • February 26, 2026

Likely Chinese nation-state hackers used online spreadsheets as infrastructure for hacking campaigns that affected at least 53 telecom operators across 42 countries, Google disclosed Wednesday.

See Also: Why HSMs Are Critical to Digital Asset Security

Threat researchers at Google said telecoms in 20 or more other countries may also have fallen victim to the campaign, mounted by a threat actor the computing giant tracks as UNC2814.

Working with industry partners, Google disrupted the apparent cyberespionage operation by blocking infrastructure being used to facilitate the activity. "This included the sinkholing of both current and historical domains used by the group in order to further dismantle UNC2814's access to compromised environments," it said.

Google said it notified suspected victims directly and released indicators of compromise. UNC2814 appears to be affiliated with ...