This post is also available in: Bosnian
Google company stated in its report that, together with partners, it has taken measures to prevent a global espionage campaign targeting telecommunications and governmental organizations in dozens of countries across four continents.
Bosnia and Herzegovina is also on the map of countries with suspected or confirmed victims of this campaign.
As the February 25 post explained, the Google Threat Intelligence Group, GTIG, together with the cybersecurity company Mandiant and other unnamed partners, discovered threat UNC2814, stating that it suspects a cyber-espionage hacking group linked to China, which GTIG has been monitoring since 2017, is responsible.
The group is described as elusive, with a long history of targeting international governments and global telecommunications organizations across Africa, Asia and America since 2017.
Recent activities of UNC2814, which is reported to have used malware, primarily focused on targeting telecommunications providers and governmental organizations.
The post stated that Google had confirmed 53 intrusions by UNC2814 in 42 countries worldwide and had identified suspicious intrusions in at least 20 other countries.
“This large scale is likely the result of a decade of focused effort,” it states. The post does not provide details about the compromised organizations.
In addition to removing the malicious software, Google stated that, together with its partner companies, it has identified and disabled all known UNC2814 infrastructure.
It also mentioned that formal notifications have been issued to the victims, and that Google is actively providing support to organizations with verified compromises resulting from hacking activities.
As explained, the hackers accessed their victims by installing malicious software that they linked to the online Google Sheets tool.
It is suspected that this action enabled the hackers to steal various data about individuals and their communications, it is stated. In addition to Bosnia and Herzegovina, Serbia, Montenegro and Kosovo are also marked on the map of countries from the Western Balkans with suspected or confirmed victims.
Nedim Gvozdjar, one of the founders of the e-Transformation association, which deals with cybersecurity in Bosnia and Herzegovina, explained that this is classic state cyber espionage aimed at gathering strategic information.
“The attackers did not ‘break the lock’ by exploiting a technical flaw but used legitimate services as a covert channel – which is a typical pattern of contemporary APT (Advanced Persistent Threat) operations, meaning an advanced and long-term threat,” he said.
“This is not an ordinary hacking attack. It is a systematic, long-term operation usually carried out by a state or by actors connected to a state, as well as highly organized groups with big resources,” Gvozdjar explained.
He said the goals of this campaign were intelligence-related.
“The focus was on telecom operators, state institutions and systems that process large amounts of personal and communication data. Such an approach allows for communications control, identification of persons of interest, and long-term monitoring of targets,” Gvozdjar said.
He added that, although Google and its partners have stopped the campaign, experience shows that such groups almost always try to regain access, using new methods and infrastructure. “Which means that the threat is not permanently removed, only temporarily halted,” Gvozdjar said.
Chinese Embassy in Washington spokesperson Liu Pengyu, answering a query from Reuters on February 25, stated that “cybersecurity is a common challenge facing all countries and it must be addressed through dialogue and cooperation.
“China consistently opposes and fights against hacking activities in accordance with the law, while firmly rejecting attempts to use cybersecurity issues to blacken or defame China,” Pengyu added.
Although two years ago it took the first steps towards establishing a Cyber Emergency Response Team, CERT, for institutions and citizens, Bosnia and Herzegovina is still the only country in Europe that does not have such a team up and running due to administrative obstacles and a lack of political consensus.
Bosnia and Herzegovina is the lowest-rated European country according to the National Cybersecurity Index of the Estonian e-Governance Academy, as well as the digital development index monitored by the same organization.
The reason for this is also the lack of cybersecurity strategy, a law on information security, organization and jurisdiction of state authorities to combat cybercrime, as well as critical infrastructure.
According to the Ministry of Interior of Republika Srpska, the number of high-tech crime offenses over the past three years amounted to 675, 124 of which were recorded in 2025.
Over the same period, the Federation Police Administration recorded 183 criminal offenses related to electronic data processing systems and computer crime.
These statistics only reflect cases in which certain cyber threats or attacks were reported to the police, however.
Experts warn that the number of actual such threats is likely far higher and difficult to measure without adequate laws and institutions taking account of them.
