Find notable cyber news and cases, enriched with sources, timelines, and signals.

GridTide Google Sheets C2 backdoor

Malware Activity
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

The GridTide backdoor was exposed as a covert Google Sheets C2 tool for UNC2814, allowing operators to run shell commands and move files inside targeted environments. The malware mattered because it hid control traffic inside legitimate-looking cloud API requests, making detection harder. Google and partners later disrupted the infrastructure and cut off attacker-controlled access.

Related Happenings

Google Dialogflow CX Code Blocks shared-runtime isolation security flaw

Vulnerability
H score32 First: 07.07.2026 19:37 Last: 07.07.2026 19:37 Sources 1

About this happening: **Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...

Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw

Vulnerability
H score1 First: 16.06.2026 22:05 Last: 16.06.2026 22:05 Sources 1

About this happening: **Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...

Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication

Technical Analysis
H score16 First: 21.05.2026 23:07 Last: 21.05.2026 23:07 Sources 1

About this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
H score28 First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

Unit 42 Zealot proves autonomous cloud attack chaining in GCP

Technical Analysis
H score28 First: 23.04.2026 13:00 Last: 23.04.2026 13:00 Sources 1

About this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...

Timeline

  1. 26.02.2026 14:09 2 articles · 4mo ago

    Google details GridTide Google Sheets command-and-control and disrupts UNC2814 infrastructure

    Technical Analysis Update

    Google and Mandiant described GridTide, a novel backdoor used by UNC2814, as a covert command-and-control tool that leveraged Google Sheets to execute arbitrary shell commands, upload and download files, and hide traffic inside legitimate cloud API requests. Google said the China-linked operation had been active since 2017, targeted governments and global telecommunications organizations across Africa, Asia and the Americas, impacted at least 53 victims across 42 nations, and was disrupted by disabling attacker accounts, revoking Google Sheets API use for C2, and terminating attacker-controlled Google Cloud Projects.

    Show sources