Beijing-Linked Hackers Turn Global Telecoms into Secret Spy Grid

On February 18, hackers linked to Beijing were exposed after infiltrating dozens of telecom networks worldwide for nearly a decade, revealing the fragility of global communications infrastructure and highlighting the existential importance of telco infrastructure protection for global operators.

On Wednesday, a research report from Google Threat Intelligence Group and Mandiant said that 53 telecommunications companies and government agencies in 42 countries had been compromised, along with their telco infrastructure protection.

Tracked as UNC2814, the group exploited legitimate cloud features to disguise espionage activity as routine traffic, a tactic exposing how modern networks can be turned against themselves and why telecommunications defense must remain a strategic priority.

Decade-Long Infiltration of Global Telecoms

Google described UNC2814 as a “prolific, elusive” China-linked hacking team with “a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,” underscoring the scale of cyber espionage threats to telecommunications.

The breadth of the breach reflects nearly ten years of calculated hacking of telecom infrastructure, a warning sign for regulators focused on telecommunications defense.

Researchers warned that “Prolific intrusions of this scale are generally the result of years of focused effort and will not be easily re-established. We expect that UNC2814 will work hard to re-establish their global footprint.”

At the heart of the campaign was a previously undocumented backdoor called GRIDTIDE. Instead of relying on traditional command servers, the attackers abused Google Sheets’ API to communicate with infected systems, highlighting weaknesses in telco infrastructure security.

“The attacker was using API calls to communicate with [software-as-a-service] apps as command-and-control (C2) infrastructure to disguise their malicious traffic as benign,” researchers explained.

GRIDTIDE searched for instructions in spreadsheet cell A1, then quietly reported stolen data back through other cells, illustrating how hacking telcos can unfold in plain sight.

Once embedded, it conducted “host-based reconnaissance,” collecting details about machines, users, and network environments as a reminder of why protecting telecom networks is no longer optional.

Google said the information “is then exfiltrated and stored in cell V1 of the attacker-controlled spreadsheet.”
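For defenders, the A1-read and V1-write pattern described above can be hunted in egress logs. The following is an added example, not code from Google's report: it assumes a TLS-inspecting proxy that logs full URLs in a "time host method url" format, and it assumes the traffic uses the Sheets API's single-range values endpoint (GET to read, PUT or POST to write). The host names, sheet IDs and polling threshold are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Sheets API v4 values endpoint: /v4/spreadsheets/{spreadsheetId}/values/{range}
SHEETS_RE = re.compile(
    r"sheets\.googleapis\.com/v4/spreadsheets/(?P<sheet>[^/\s]+)/values/(?P<range>[^?\s]+)")
BASE = "https://sheets.googleapis.com/v4/spreadsheets"

# Constructed sample lines in an assumed "time host method url" format; not real telemetry.
SAMPLE_LOG = f"""\
2026-01-01T10:00:00Z core-db01 GET {BASE}/CONSTRUCTED_SHEET_ID_1/values/A1
2026-01-01T10:05:00Z core-db01 GET {BASE}/CONSTRUCTED_SHEET_ID_1/values/A1
2026-01-01T10:06:00Z finance-ws07 GET {BASE}/CONSTRUCTED_SHEET_ID_2/values/Budget%21A1%3AF40
2026-01-01T10:10:00Z core-db01 GET {BASE}/CONSTRUCTED_SHEET_ID_1/values/Sheet1%21A1
2026-01-01T10:10:05Z core-db01 PUT {BASE}/CONSTRUCTED_SHEET_ID_1/values/V1?valueInputOption=RAW
2026-01-01T10:12:00Z batch-02 GET {BASE}/CONSTRUCTED_SHEET_ID_3/values/A1
"""


def cell_of(raw_range):
    """Normalise 'Sheet1%21A1' or 'V1:append' to a bare, upper-case range."""
    rng = unquote(raw_range).split("!")[-1].upper()
    for suffix in (":APPEND", ":CLEAR"):
        if rng.endswith(suffix):
            rng = rng[: -len(suffix)]
    return rng


def find_sheet_c2_candidates(log_text, min_polls=3):
    """Return (host, sheet) pairs that poll cell A1 repeatedly and also write cell V1."""
    stats = defaultdict(lambda: {"a1_reads": 0, "v1_writes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # not in the assumed log format
        _, host, method, url = parts
        match = SHEETS_RE.search(url)
        if not match:
            continue
        cell = cell_of(match.group("range"))
        key = (host, match.group("sheet"))
        if method == "GET" and cell == "A1":
            stats[key]["a1_reads"] += 1
        elif method in ("PUT", "POST") and cell == "V1":
            stats[key]["v1_writes"] += 1
    return sorted(k for k, s in stats.items()
                  if s["a1_reads"] >= min_polls and s["v1_writes"] >= 1)
```

A hit is a hunting lead rather than a verdict: it should be weighed against whether the host is a server with any business reason to call the Sheets API at all.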

These companies manage critical infrastructure that underpins internet access, voice communications, and financial systems, making telco infrastructure protection central to national resilience.

Google warned that the campaign highlights “the serious threat facing telecommunications and government sectors, and the capacity for these intrusions to evade detection by defenders,” a reality shaping global telecommunications defense strategies.

Why Is Cybersecurity Now Core to Telecom Survival?

Mobile network operators (MNOs) are prime targets because they control vast data flows and sensitive customer records, placing telco cybersecurity at the forefront of executive agendas.

A single breach can trigger regulatory penalties and long-term reputational damage, strengthening the case for sustained telco infrastructure protection investment.

Beyond customer data, telecom networks are strategic assets whose disruption can ripple across economies, reinforcing the importance of protecting telecom networks at every layer. The persistence of cyber espionage campaigns against telecommunications demonstrates how state-backed actors view carriers as intelligence gateways.

In response to the UNC2814 campaign, Google disabled the attackers’ cloud projects and severed their access, a decisive move supporting broader telco infrastructure protection efforts.

“We terminated all Cloud Projects controlled by the attacker, effectively severing their persistent access,” researchers wrote, while releasing indicators of compromise to help victims investigate further.

Continuous training, threat monitoring, and regulatory compliance now define serious telecommunications defense planning. As networks evolve toward cloud-native architectures, operators must prioritize layered safeguards and real-time monitoring to prevent future infiltration.

The UNC2814 case shows that adversaries are patient and adaptive. For telecom operators worldwide, cybersecurity is no longer just an IT function; it is the foundation of operational stability and a decisive factor in telco infrastructure protection across an increasingly contested digital landscape.

