This event is archived. Final snapshot from when the story concluded. View on Dashboard
Events / Google Disrupts Chinese-Linked...
Tech cyberattack disruption

Google Disrupts Chinese-Linked Hacking Group UNC2814

Analysis based on 13 articles · First reported Feb 25, 2026 · Last updated Feb 25, 2026

Sentiment
20
Attention
4
Articles
13
Market Impact
Direct
Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard
Market Impact

The disruption of the Chinese-linked hacking group by Google is a positive for cybersecurity firms and telecommunications companies, as it reduces the threat of data breaches. However, the ongoing cyber espionage activities linked to China could lead to increased geopolitical tensions and further investment in cybersecurity measures across various industries.

Cybersecurity Telecommunications Government
Event Summary

Google has successfully disrupted a Chinese-linked hacking group, UNC2814 (also known as 'Gallium'), which had breached at least 53 organizations across 42 countries over nearly a decade. The group primarily targeted government organizations and telecommunications companies for surveillance and data theft. Google, in collaboration with unnamed partners, terminated Google===Google Cloud Platform projects used by the hackers, disabled their internet infrastructure, and shut down accounts used to access Google===Google Sheets for malicious activities. While Google clarified that its products were not compromised, the hackers exploited Google===Google Sheets to evade detection. China, through its embassy spokesperson Liu Pengyu, denied involvement and condemned hacking activities, emphasizing dialogue and cooperation on cybersecurity. This event highlights persistent cyber espionage concerns, distinct from other Chinese hacking campaigns like 'Salt Typhoon' which targeted US organizations.

Key Actions
95 Google disrupted Chinese-linked hacking group UNC2814
85 China linked to hacking group UNC2814
70 Google terminated Google===Google Cloud Platform projects controlled by UNC2814 Google===Google Cloud Platform
65 Google disabled accounts used by UNC2814 to access Google===Google Sheets Google===Google Sheets
50 Liu Pengyu denied China's involvement in hacking activities China
Entities Involved
stock
Google
Google successfully disrupted a Chinese-linked hacking group, UNC2814, preventing further data theft and surveillance. This action enhances Google's reputation in cybersecurity, although the use of Google===Google Sheets by the hackers highlights a potential vulnerability in how their products can be misused.
Importance 90 Sentiment 30
cnt
China
China is implicated as being linked to the UNC2814 hacking group, which conducted extensive surveillance and data theft globally. Despite China's denial, these activities contribute to negative perceptions regarding its cyber espionage practices.
Importance 80 Sentiment -20
subs
Google===Google Cloud Platform
Google===Google Cloud Platform projects were controlled by the UNC2814 hacking group, which Google and its partners terminated. This indicates the platform's potential for misuse by malicious actors, though Google's swift action mitigated further damage.
Importance 40 Sentiment 0
subs
Google===Google Sheets
The UNC2814 hacking group used Google===Google Sheets to evade detection and carry out targeting and data theft operations. Google clarified that this was not a compromise of the product itself but rather a misuse of its features.
Importance 40 Sentiment 0
per
John Hultquist
John Hultquist, chief analyst with Google Threat Intelligence Group, provided commentary on the extensive surveillance apparatus used by the UNC2814 hacking group.
Importance 30 Sentiment 0
per
Charles Snyder
Charles Snyder, senior manager of Google Threat Intelligence Group, confirmed the scope of the UNC2814 group's access to entities across 42 countries.
Importance 30 Sentiment 0
cnt
United States
The United States government has previously linked other telecommunications-focused Chinese hacking activity, 'Salt Typhoon', to China, which targeted US organizations and political figures. This context reinforces concerns about Chinese cyber activities.
Importance 20 Sentiment 0
+ 2 more entities View on Dashboard
Relationships
John Hultquist related Google
Charles Snyder related Google
Google===Google Cloud Platform related Google
Google===Google Sheets related Google
Liu Pengyu related China
Google related China
NEWSDESK
Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard

About NewsDesk

NewsDesk is a news intelligence platform that converts raw news articles into structured data. It tracks events, entities, and the relationships between them, with sentiment and attention metrics derived from thousands of articles. Pages on this site are daily static snapshots from the platform's live database. For real-time tracking, search, and alerts, the full dashboard is at app.newsdesk.dev.