Chinese-linked hackers targeted U.S., Canadian research facilities for a year, Google says
The group used custom malware to steal credentials and Google Workspace compliance rules to route emails matching nearly 150 keywords to an attacker-controlled Gmail account.
- On Monday, Google Threat Intelligence Group reported that Chinese-linked threat actor UNC6508 breached REDCap servers at North American medical and research institutions, stealing sensitive data between September 2023 and November 2025.
- Attackers exploited vulnerable REDCap servers to deploy custom malware called "INFINITERED", which trojanized system files to harvest login credentials and maintain persistent remote access.
- After obtaining administrator access, UNC6508 abused Google Workspace "content compliance rules" to silently BCC-forward emails matching nearly 150 keywords—including military strategy and medical research—to an attacker-controlled Gmail address.
- GTIG disabled the attacker-controlled Gmail account and notified affected organizations across the United States and Canada, though researchers warned the full extent of the campaign remains unknown.
- The operation reflects a broader pattern of state-sponsored actors embedding backdoors in critical infrastructure to intercept research and pre-position for potential sabotage, posing persistent security risks to defense, technology, and medical sectors.
24 Articles
A built-in Google Workspace feature became a Chinese espionage group's favourite exfiltration tool
A Chinese-linked hacking group spent more than a year secretly stealing data from US and Canadian academic, medical and military research institutions, before being detected, Google said on June 15.
Google exposes China espionage group that’s been lurking in networks undetected since 2023
Google threat hunters spotted yet another Chinese state-sponsored espionage group that for years had burrowed into systems belonging to government and private organizations to steal data across academia, medicine, military, cybersecurity and foreign policy. Google Threat Intelligence Group discovered the previously unknown threat group UNC6508, which targeted organizations in the United States and Canada, in late 2025 but traced its earliest kn…
Beijing-Linked Hackers Targeted US, Canadian Research Institutions for Over a Year: Google
A Beijing-linked cyberespionage group spent more than a year infiltrating research institutions across North America before being detected, according to a new report from Google. In a report published on June 15, the Google Threat Intelligence Group said the hacking campaign, which ran from September 2023 through November 2025, primarily targeted academic, medical, and military research organizations in the United States and Canada. According to…
Chinese-linked hackers targeted U.S., Canadian research facilities for a year, Google says
A Chinese-linked hacking group spent more than a year secretly stealing data from U.S. and Canadian academic, medical and military research institutions, before being detected, Google said on Monday.
Chinese-linked hackers targeted US, Canadian research facilities for a year: Google
A Chinese-linked hacking group secretly stole data from U.S. and Canadian academic, medical, and military research institutions. The cyberespionage campaign lasted over a year. Hackers targeted information on defense, military strategy, artificial intelligence, and medical research. Google identified the group as UNC6508. The activity began in September 2023 and ended in November 2025. Organizations were notified after detection.

Coverage Details
Bias Distribution
- 60% of the sources are Center