A cyber espionage group with ties to the Chinese government has been conducting operations in Chile and 42 other countries, according to a recent report from Google. The group, identified as UNC2814, has been active since 2017, targeting governments and telecommunications organizations with sophisticated techniques designed to steal data and maintain long-term access to systems.
The revelation comes amid heightened tensions surrounding a latest fiber optic cable project connecting Chile and China, raising concerns about potential security risks. Google and Mandiant, a cybersecurity firm, have taken steps to disrupt the campaign, cutting off access and disabling infrastructure used by the group. The findings underscore the growing threat of state-sponsored cyberattacks and the challenges of attributing these activities to specific actors.
Details of the Cyber Espionage Campaign
The Google Threat Intelligence Group’s report details how UNC2814 utilizes applications as a service (SaaS) to carry out its malicious activities. Specifically, the group exploits the Google Sheets API to conceal malicious traffic, disguising it as legitimate activity. This tactic allows them to evade detection and maintain a low profile although infiltrating target networks. According to the report, instead of exploiting vulnerabilities, the attackers leverage cloud-hosted products to operate and make their traffic appear benign. This method enhances the stealth of their intrusions.
The detection of UNC2814 was accelerated by the identification of a backdoor known as GRIDTIDE. This discovery provided crucial insights into the group’s methods and allowed for a more effective response. The group’s activities have been confirmed in 42 countries across Africa, Asia, and the Americas, demonstrating the breadth and scope of their operations.
Connection to the China-Chile Cable Project
The timing of Google’s report is particularly noteworthy given the ongoing debate surrounding the construction of a submarine fiber optic cable between China and Chile. The project, intended to improve connectivity and data transfer speeds, has sparked concerns about potential surveillance and data security risks. Critics argue that the cable could provide China with a backdoor for espionage, while proponents emphasize the economic benefits of increased connectivity. The cable project is currently in development, with details available here.
CNN Chile reported on the Google findings on March 10, 2026, further amplifying the concerns surrounding the cyber espionage activities. See the CNN Chile report on X. BioBioChile likewise covered the story, highlighting the potential for data theft in Chile and across the globe. Read the full report on BioBioChile.
UNC2814: A Prolific and Elusive Threat
Google describes UNC2814 as a “prolific and elusive” hacking group with a long history of targeting international governments and global telecommunications organizations. El Zorronortino reports that the group has been tracked since 2017. The group’s ability to adapt and utilize sophisticated techniques makes it a challenging adversary for cybersecurity professionals. The use of APIs to mask malicious traffic is a particularly concerning tactic, as it allows the group to blend in with legitimate network activity.
CNN Chile also reported on the issue, noting the timing in relation to the cable project. Read the CNN Chile report.
As investigations continue, authorities are likely to focus on strengthening cybersecurity defenses and improving threat intelligence sharing to mitigate the risk of future attacks. The incident serves as a stark reminder of the importance of vigilance and proactive security measures in the face of evolving cyber threats.
What comes next will likely involve increased scrutiny of the China-Chile cable project and a broader assessment of potential vulnerabilities in critical infrastructure. The international community will also be watching closely to see how China responds to these allegations and whether further action is taken to address the threat posed by UNC2814.
Share your thoughts on this developing story in the comments below.
