Google disclosed action against GRIDTIDE, a global cyber espionage campaign tracked by Mandiant, saying it disrupted infrastructure tied to the operation and published new threat intelligence on the actor’s activity. The campaign was described as an espionage effort with international reach, and Google said the disruption was intended to hinder the group’s ability to conduct ongoing intrusions and intelligence collection.
The disclosure came through a Google Cloud threat intelligence report by Mandiant that framed GRIDTIDE as a coordinated spying operation rather than financially motivated cybercrime. While the public notice focused on the disruption and attribution effort, it also signaled that defenders should review the newly released intelligence for indicators, targeting patterns, and tradecraft associated with GRIDTIDE to identify possible exposure and strengthen detection coverage.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
Google Cloud published a threat intelligence blog post describing efforts to disrupt the GRIDTIDE global cyber espionage campaign. The provided references do not include additional incident details beyond the publication itself.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
cloud.google.com
Open sourcecloud.google.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.