IT, Telecom & Cyber · International (Houston)

China-linked hackers used Google Sheets to spy on telecoms and reshape IT, Telecom & Cyber sourcing priorities

Published Mar 2, 2026, 6:44 AM CSTINTERNATIONALFull category signal
Ask AI
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries

In 60 seconds

Top move

Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed

Key takeaways

  • Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.[2]
  • The lead signals for IT, Telecom & Cyber are no longer just descriptive; they point to immediate sourcing implications around supplier capacity.[1]

What changed since last run

  • Lead coverage has rotated toward "China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries", shifting the brief toward more immediate execution implications.

Key facts

  • Google has disrupted a China-linked espionage group that used Google’s spreadsheet applicatio
  • Working with Mandiant, GTIG confirmed intrusions at 53 organizations across 42 countries, wit
  • The group, identified by Google as UNC2814, is a suspected PRC-nexus actor that GTIG has trac
  • Unlike Salt Typhoon, UNC2814, the China-linked group whose intrusions into US telecom carrier
  • According to a recent ISC2 survey, 33% of organizations cannot staff their security teams ade
  • The role, which the ad describes as “one of the most influential cyber security leadership ro

Why it matters

The lead signals for IT, Telecom & Cyber are no longer just descriptive; they point to immediate sourcing implications around supplier capacity. Lead move: Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday. That shifts IT, Telecom & Cyber focus toward supplier capacity and changes the ask to Microsoft. The practical read-through is that buyers should tighten supplier challenge, pricing discipline, and contract optionality before the next decision gate

Cost / money

  • Signal: According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government. That shifts IT, Telecom & Cyber focus toward cost pressure and changes the ask to Cisco.[2]
  • Tighter availability often shows up later as expediting, standby, or substitution cost. The immediate job is to see where delays could become avoidable spend.[2]
  • Use this to refresh should-cost views and challenge any fast repricing. Keep the read-through directional unless the source itself provides hard commercial numbers.[1]

Supplier / commercial

  • This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks.[2]
  • This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers.[1]
  • Trade extension options, standby retainer, or minimum-volume commits for committed capacity. Protect delivery certainty without paying full scarcity premiums upfront while keeping fallback capacity live.[2]
  • Use Price caps/collars. Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.[1]

Safety / operations

  • Where supplier availability tightens, schedule pressure can spill into safety or quality risk if teams start accepting late substitutions or compressed mobilization windows.[2]
  • The operational risk is indirect: tight budgets or repricing battles often reappear later as reduced slack, substitutions, or execution compromises that buyers then have to manage.[1]

What to watch

  • Watch whether China-linked hackers used Google Sheets to turns into visible slot scarcity, longer qualification queues, or firmer allocation language from Microsoft.[2]
  • Watch whether Microsoft starts using One of the most influential cybersecurity as a repricing reference in quotes, escalator asks, or budget resets.[1]
  • China-linked hackers used Google Sheets to creates supplier capacity. Trigger: Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday.[2]
  • One of the most influential cybersecurity creates cost pressure. Trigger: According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government.[1]

Top stories

Story 1CSO OnlineFeb 26, 2026

China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries

Signal strongSource-grounded
Source notes [2]Read source

What happened

Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday. Working with Mandiant, GTIG confirmed intrusions at 53 organizations across 42 countries, with suspected infections in at least 20 more. This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks

Buyer takeaway

For IT, Telecom & Cyber, this is mainly an availability and execution signal; sequencing, fallback coverage, and supplier responsiveness may matter more than list price

Cost / money

Tighter availability often shows up later as expediting, standby, or substitution cost. The immediate job is to see where delays could become avoidable spend

Supplier / commercial

Capacity pressure usually strengthens supplier leverage. Check who can still commit on timing, what backup coverage exists, and whether current contract language protects against slippage

Safety / operations

Where supplier availability tightens, schedule pressure can spill into safety or quality risk if teams start accepting late substitutions or compressed mobilization windows

What to watch

Watch lead times, crew or vessel allocation, and whether suppliers are quietly narrowing commitment windows before the next sourcing gate

Key facts

  • Google has disrupted a China-linked espionage group that used Google’s spreadsheet applicatio
  • Working with Mandiant, GTIG confirmed intrusions at 53 organizations across 42 countries, wit
  • The group, identified by Google as UNC2814, is a suspected PRC-nexus actor that GTIG has trac
  • Unlike Salt Typhoon, UNC2814, the China-linked group whose intrusions into US telecom carrier
Story 2CSO OnlineFeb 27, 2026

One of the ‘most influential cybersecurity’ roles will pay under $175,000

Signal strongSource-grounded
Source notes [1]Read source

What happened

According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government. The role, which the ad describes as “one of the most influential cyber security leadership roles in the UK,” offers a maximum salary of £130,000 (about $175,000) — and none of the stock options or other inducements common in industry. This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers

Buyer takeaway

For IT, Telecom & Cyber, treat this as a cost-boundary signal rather than just a headline; buyer assumptions may need refreshing before the next quote or award decision

Cost / money

Use this to refresh should-cost views and challenge any fast repricing. Keep the read-through directional unless the source itself provides hard commercial numbers

Supplier / commercial

Suppliers with fresh cost justification may push harder on reopeners, indexation, shorter quote validity, or pass-through language. Buyers should separate real drivers from negotiation posture

Safety / operations

The operational risk is indirect: tight budgets or repricing battles often reappear later as reduced slack, substitutions, or execution compromises that buyers then have to manage

What to watch

Watch for shorter quote validity, reopeners, pass-through requests, or attempts to reset pricing on the back of weak evidence

Key facts

  • According to a recent ISC2 survey, 33% of organizations cannot staff their security teams ade
  • The role, which the ad describes as “one of the most influential cyber security leadership ro
  • Successful candidates will have “expertise in securing cloud environments and emerging techno
  • “As CISO, you will work with colleagues to set and implement the organisation’s cyber and inf

VP Snapshot

Executive Risk & Action View

The biggest executive exposure for IT, Telecom & Cyber is supplier capacity because today's lead stories point to faster-moving supplier and commercial decisions than the current brief cadence alone would suggest.

Overall
67
Cost
53
Supply
50
Schedule
30
Compliance
15

Top signals

0-30dsupply

Signal 1: China-linked hackers used Google Sheets to

This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks.

30-180dcost

Signal 2: One of the most influential cybersecurity

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers.

Recommended actions

Category ManagerDue 5d

Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.

This should improve negotiating posture and reduce surprise exposure against the supplier capacity now visible in the brief.

ContractsDue 10d

Email Microsoft to reconfirm license renewals, keep quote validity short around One of the most influential cybersecurity, and push for breach response slas instead of open-ended surcharge language.

This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

Risk register

RiskTriggerMitigation
China-linked hackers used Google Sheets to creates supplier capacity.Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday.Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.
One of the most influential cybersecurity creates cost pressure.According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government.Email Microsoft to reconfirm license renewals, keep quote validity short around One of the most influential cybersecurity, and push for breach response slas instead of open-ended surcharge language.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.

This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks.

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Email Microsoft to reconfirm license renewals, keep quote validity short around One of the most influential cybersecurity, and push for breach response slas instead of open-ended surcharge language.

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers.

Due 7d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Supplier radar

Microsoft

high

Observed supplier signal

Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday.

Commercial implication

This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks.

Next step: Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.

Cisco

high

Observed supplier signal

According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government.

Commercial implication

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers.

Next step: Email Microsoft to reconfirm license renewals, keep quote validity short around One of the most influential cybersecurity, and push for breach response slas instead of open-ended surcharge language.

Negotiation levers

Trade extension options, standby retainer, or minimum-volume commits for committed capacity

When to use: Use when China-linked hackers used Google Sheets to points to tightening slots or scarce availability from Microsoft.

Expected outcome: Protect delivery certainty without paying full scarcity premiums upfront while keeping fallback capacity live.

Commercial mechanism to carry into the next supplier conversation

Use Price caps/collars

When to use: Use when Cisco cites One of the most influential cybersecurity to justify immediate repricing or wider surcharge language.

Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

Commercial mechanism to carry into the next supplier conversation

Talking points

IT, Telecom & Cyber conditions are now tactical: the latest signals justify immediate outreach to Microsoft and a clause-by-clause contract refresh.
Use today's signal mix to challenge license renewals, confirm vendor support coverage, and preserve fallback options before leverage deteriorates.

Supplier radar

SupplierSignalImplicationNext stepConfidence
MicrosoftGoogle has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday.This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks.Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.high
CiscoAccording to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government.This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers.Email Microsoft to reconfirm license renewals, keep quote validity short around One of the most influential cybersecurity, and push for breach response slas instead of open-ended surcharge language.high

Negotiation levers

  • Trade extension options, standby retainer, or minimum-volume commits for committed capacityUse when China-linked hackers used Google Sheets to points to tightening slots or scarce availability from Microsoft.Protect delivery certainty without paying full scarcity premiums upfront while keeping fallback capacity live.

    high confidence

  • Use Price caps/collarsUse when Cisco cites One of the most influential cybersecurity to justify immediate repricing or wider surcharge language.Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

    high confidence

What to do / What to watch

What to do now

  • Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.

    Why: This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks.

    Owner: Category

    Expected outcome: Complete this within 3 days to reduce buyer surprise and tighten near-term sourcing control.

    [2]
  • Email Microsoft to reconfirm license renewals, keep quote validity short around One of the most influential cybersecurity, and push for breach response slas instead of open-ended surcharge language.

    Why: This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers.

    Owner: Category

    Expected outcome: Complete this within 7 days to reduce buyer surprise and tighten near-term sourcing control.

    [1]

Next few weeks

  • Schedule a supplier call with Microsoft to validate vendor support coverage, secure fallback slots around China-linked hackers used Google Sheets to, and trade extension options for committed capacity if needed.

    Why: Move now because This should improve negotiating posture and reduce surprise exposure against the supplier capacity now visible in the brief.

    Owner: Category

    Expected outcome: This should improve negotiating posture and reduce surprise exposure against the supplier capacity now visible in the brief.

    [2]
  • Email Microsoft to reconfirm license renewals, keep quote validity short around One of the most influential cybersecurity, and push for breach response slas instead of open-ended surcharge language.

    Why: Move now because This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    Owner: Contracts

    Expected outcome: This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    [1]
  • Prepare trade extension options, standby retainer, or minimum-volume commits for committed capacity for the next negotiation cycle.

    Why: Deploy it because Use when China-linked hackers used Google Sheets to points to tightening slots or scarce availability from Microsoft.

    Owner: Contracts

    Expected outcome: Protect delivery certainty without paying full scarcity premiums upfront while keeping fallback capacity live.

    [2]
  • Prepare use price caps/collars for the next negotiation cycle.

    Why: Deploy it because Use when Cisco cites One of the most influential cybersecurity to justify immediate repricing or wider surcharge language.

    Owner: Contracts

    Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

    [1]

Longer view

  • Use the current signal mix to tighten quarter-ahead sourcing scenarios and supplier optionality plans.

    Why: Prepare now because repeated cross-source signals are pointing to a more fragile commercial environment than a headline-only read suggests.

    Owner: Category

    Expected outcome: A cleaner quarter-ahead demand, budget, and fallback-supplier plan.

    [2]

What to watch

  • Watch whether China-linked hackers used Google Sheets to turns into visible slot scarcity, longer qualification queues, or firmer allocation language from Microsoft
  • Watch whether Microsoft starts using One of the most influential cybersecurity as a repricing reference in quotes, escalator asks, or budget resets
  • China-linked hackers used Google Sheets to creates supplier capacity.: Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday
  • One of the most influential cybersecurity creates cost pressure.: According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government
  • IT, Telecom & Cyber conditions are now tactical: the latest signals justify immediate outreach to Microsoft and a clause-by-clause contract refresh
  • Use today's signal mix to challenge license renewals, confirm vendor support coverage, and preserve fallback options before leverage deteriorates

Market pulse

IndexLatestChangeAs of
Palo Alto (PANW)320 +0.00 (+0.00%)Mar 2, 2026, 12:54 PM
CrowdStrike (CRWD)285 +0.00 (+0.00%)Mar 2, 2026, 12:54 PM
Zscaler (ZS)195 +0.00 (+0.00%)Mar 2, 2026, 12:54 PM
Fortinet (FTNT)72 +0.00 (+0.00%)Mar 2, 2026, 12:54 PM
  • Palo Alto: Palo Alto should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • CrowdStrike: CrowdStrike should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • Zscaler: Zscaler should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • Fortinet: Fortinet should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle

Sources

Inline citations jump here. Expand a source to read the excerpt, the AI interpretation, and the original link.

[1] One of the ‘most influential cybersecurity’ roles will pay under $175,000

csoonline.com · Feb 27, 2026

Expand

AI reading

According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government. The role, which the ad describes as “one of the most influential cyber security leadership roles in the UK,” offers a maximum salary of £130,000 (about $175,000) — and none of the stock options or other inducements common in industry. This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 33, 130,000, 175,000 as the clearest commercial anchors; expect bundling platform offers

Buyer takeaway

For IT, Telecom & Cyber, treat this as a cost-boundary signal rather than just a headline; buyer assumptions may need refreshing before the next quote or award decision

Cost / money

Use this to refresh should-cost views and challenge any fast repricing. Keep the read-through directional unless the source itself provides hard commercial numbers

Supplier / commercial

Suppliers with fresh cost justification may push harder on reopeners, indexation, shorter quote validity, or pass-through language. Buyers should separate real drivers from negotiation posture

Safety / operations

The operational risk is indirect: tight budgets or repricing battles often reappear later as reduced slack, substitutions, or execution compromises that buyers then have to manage

What to watch

Watch for shorter quote validity, reopeners, pass-through requests, or attempts to reset pricing on the back of weak evidence

Key facts

  • According to a recent ISC2 survey, 33% of organizations cannot staff their security teams ade
  • The role, which the ad describes as “one of the most influential cyber security leadership ro
  • Successful candidates will have “expertise in securing cloud environments and emerging techno
  • “As CISO, you will work with colleagues to set and implement the organisation’s cyber and inf
Open original source

[2] China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries

csoonline.com · Feb 26, 2026

Expand

AI reading

Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday. Working with Mandiant, GTIG confirmed intrusions at 53 organizations across 42 countries, with suspected infections in at least 20 more. This matters for IT, Telecom & Cyber because capacity and lead-time signals can move supplier prioritization, award timing, and contingency lanes with 42, 53, 20 as the clearest commercial anchors; buyers should plan for renewal uplift asks

Buyer takeaway

For IT, Telecom & Cyber, this is mainly an availability and execution signal; sequencing, fallback coverage, and supplier responsiveness may matter more than list price

Cost / money

Tighter availability often shows up later as expediting, standby, or substitution cost. The immediate job is to see where delays could become avoidable spend

Supplier / commercial

Capacity pressure usually strengthens supplier leverage. Check who can still commit on timing, what backup coverage exists, and whether current contract language protects against slippage

Safety / operations

Where supplier availability tightens, schedule pressure can spill into safety or quality risk if teams start accepting late substitutions or compressed mobilization windows

What to watch

Watch lead times, crew or vessel allocation, and whether suppliers are quietly narrowing commitment windows before the next sourcing gate

Key facts

  • Google has disrupted a China-linked espionage group that used Google’s spreadsheet applicatio
  • Working with Mandiant, GTIG confirmed intrusions at 53 organizations across 42 countries, wit
  • The group, identified by Google as UNC2814, is a suspected PRC-nexus actor that GTIG has trac
  • Unlike Salt Typhoon, UNC2814, the China-linked group whose intrusions into US telecom carrier
Open original source

[3] Palo Alto

finance.yahoo.com · n.d.

Expand
Open original source

[4] CrowdStrike

finance.yahoo.com · n.d.

Expand
Open original source

[5] Zscaler

finance.yahoo.com · n.d.

Expand
Open original source

[6] Fortinet

finance.yahoo.com · n.d.

Expand
Open original source
More from IT, Telecom & CyberBack to Executive View