Google broke up an international spy ring using… Sheets

The humble spreadsheet is a staple of modern work, one you probably barely think about. But with global systems intimately interconnected, and only growing more so, it seems almost anything can be an attack vector. Such is the case with Google Sheets. Google reports that it disrupted a wide-ranging cyberattack that used the web app as a backdoor to spy on users.

Google’s Threat Intelligence Group, working with the Mandiant team (which Google purchased in 2022), points the finger at UNC2814, a China-affiliated group that’s been operating for almost a decade. According to the report, the hackers created a backdoor using the Google Sheets API, allowing them to collect usernames, hostnames, IP addresses, and other information. There was no “infection” in the layman’s sense—this was more of a state-sponsored espionage campaign than a deliberate attempt at theft or sabotage.

The report claims the “GRIDTIDE” system has been in place since 2023, with verified intrusions in 42 nations and 53 specific targets, with 20 nations suspected as other targets. “This prolific scope is likely the result of a decade of concentrated effort,” says Google, with a focus on telecommunications and government agencies.

The system has been disrupted, or at least is currently inoperable as best the Threat Intelligence Group can tell. Accounts used to deploy the GRIDTIDE system have been shut down, along with the underlying domains and infrastructure, and affected victims have been formally notified.