← All Threat Actors
Threat Actor Profile

UNC2814

No known aliases in database
▲ High Threat
GRIDTIDE, AI-Enhanced Vulnerability Research
Origin China
Sponsor People's Republic of China (PRC)
Motivation Strategic intelligence collection and long-term surveillance of communications data and personnel

Target Sectors

Telecommunications Providers Government Entities

Known TTPs

Abuse of Google Sheets API for stealthy Command and Control (C2)
Use of GRIDTIDE C-based backdoor
AI-augmented vulnerability research (expert persona prompting for binary analysis)
Compromise of web servers and edge systems for initial access
Privilege escalation via xapt binary (masquerading as Debian tool)
SSH lateral movement
Creation of malicious systemd services
URL-safe Base64 encoding for web filtering bypass

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD