Last updated 1 month ago
The UNC2814 GRIDTIDE campaign compromised at least 53 organizations across 42 countries, primarily targeting international governments and global telecommunications organizations. The campaign spanned Africa, Asia, and the Americas, with Google and industry partners disrupting the threat actor's infrastructure in February 2026. The actor demonstrated persistence and evasion capabilities across multiple regions over an extended operational period.
Google attributed the campaign to UNC2814, a suspected China-nexus cyber espionage group with a history of targeting government and telecommunications sectors. The attack chain involved unauthorized access to organizational networks, though specific initial access vectors and exploitation techniques were not detailed in the disclosure. The campaign's primary objective appeared to be cyber espionage, though specific data types exfiltrated were not enumerated.
Google confirmed infrastructure disruption through coordinated action with industry partners in February 2026. The takedown operation targeted UNC2814's operational capabilities, though the group's complete neutralization status remains unspecified. The disclosure serves as a public notification to affected organizations across the 42 impacted countries.
Cyber espionage campaign targeting international governments and telecommunications organizations
The UNC2814 campaign demonstrates that sophisticated nation-state actors maintain persistent targeting of government and telecommunications sectors across multiple continents. The scale of 53 organizations across 42 countries indicates widespread security control failures in detecting and preventing unauthorized network access. The coordinated industry disruption in February 2026 highlights the necessity of cross-organizational threat intelligence sharing to counter advanced persistent threats.