A newly identified Chinese-linked hacking group spent more than two years covertly stealing data from academic, medical and military research institutions across the United States and Canada before being detected, according to a report released by Google.
Google's Threat Intelligence Group revealed that between September 2023 and November 2025, the cyberespionage campaign focused heavily on gathering sensitive data. The targets included defense intelligence, artificial intelligence, military strategy in the Indo-Pacific, unmanned vehicles, cyber warfare programs, and cutting-edge medical research, News.Az reports, citing Reuters.
While Google did not name the specific entities compromised, it noted that the targeted organizations employ thousands of people and command research budgets reaching into the billions of dollars. Their work spans high-stakes sectors from state-level public health policy and clinical drug trials to military readiness.
Cybersecurity researchers have attributed the breach to a relatively new, little-known threat cluster tracked as UNC6508. Luke McNamara, deputy chief analyst at Google Threat Intelligence Group, stated that the group's tactics closely align with long-standing Chinese-linked operations aimed at gathering intelligence to benefit the Beijing government.
The Chinese Embassy in Washington did not immediately respond to a request for comment. Beijing consistently denies initiating or backing state-sponsored cyberattacks.
The intrusions began in September 2023, when the hackers exploited software vulnerabilities in servers running REDCap, a web application widely used in the nonprofit and research sectors for building and managing online surveys and databases.
Using custom-made malware, the hackers captured legitimate login credentials and used them to move deeper into the victims' internal networks. From there, they set up covert mail auto-forwarding that sent copies of organizational emails to an attacker-controlled Gmail account whenever a message contained any of nearly 150 targeted keywords.
Those keywords included specific employees' phone numbers and email addresses, as well as phrases related to advanced technology, military strategy and geostrategic policy.
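The forwarding mechanism described above is something defenders can hunt for in their own mailbox-rule exports. The following is an added example, not code from the article, from Google's report or from REDCap: it scores rules that forward mail outside the organization, with extra weight for consumer webmail destinations, large keyword trigger lists, person-specific triggers such as phone numbers or addresses, and settings that hide the forwarded copies from the mailbox owner. The rule schema, domains, addresses and keyword lists are constructed for the example; a real export from Exchange, Google Workspace or another platform would first be mapped into this shape.

```python
"""Hunt mailbox forwarding rules for keyword-triggered exfiltration to external webmail.

Added example; not code from the original article, from Google, or from REDCap.
Assumes a simplified, constructed rule-export schema (see SAMPLE_RULES).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumption: the organisation's own mail domains.
INTERNAL_DOMAINS = {"example-research.edu"}
# Consumer webmail providers; a corporate forward to any of these is unusual.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "proton.me"}

PHONE_RE = re.compile(r"^\+?[\d\s().-]{7,}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample data (fictional rules, people and addresses).
SAMPLE_RULES = [
    {   # benign: routes grant mail to an internal shared mailbox
        "owner": "a.lee@example-research.edu",
        "name": "Grant notices",
        "conditions": {"contains": ["NIH notice", "award letter"]},
        "forward_to": ["grants-office@example-research.edu"],
    },
    {   # suspicious: broad keyword set, free webmail destination, hides copies
        "owner": "j.doe@example-research.edu",
        "name": "Project updates",
        "conditions": {"contains": [
            "unmanned", "UAV", "autonomous", "Indo-Pacific", "hypersonic",
            "export control", "ITAR", "cyber warfare", "clinical trial",
            "IRB", "protocol amendment", "adversarial", "LLM", "red team",
            "readiness", "deployment", "classified", "CUI", "SBIR", "DARPA",
            "+1 555 0100", "j.doe@example-research.edu",
        ]},
        "forward_to": ["proj.updates.2024@gmail.com"],
        "mark_as_read": True,
    },
    {   # low severity: forward to a known partner organisation
        "owner": "m.kim@example-research.edu",
        "name": "Partner sync",
        "conditions": {"contains": ["joint study"]},
        "forward_to": ["liaison@partner.example.org"],
    },
]


@dataclass
class Finding:
    owner: str
    rule: str
    score: int
    reasons: list[str] = field(default_factory=list)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def analyze_rule(rule: dict, internal_domains: set[str]) -> Finding | None:
    """Score one rule; returns None when it forwards only to internal addresses."""
    external = [a for a in rule.get("forward_to", []) if domain_of(a) not in internal_domains]
    if not external:
        return None
    f = Finding(rule["owner"], rule["name"], 0)

    f.score += 2
    f.reasons.append("forwards outside the organisation: " + ", ".join(external))

    if any(domain_of(a) in FREEMAIL_DOMAINS for a in external):
        f.score += 3
        f.reasons.append("destination is a consumer webmail account")

    keywords = rule.get("conditions", {}).get("contains", [])
    if len(keywords) >= 20:
        f.score += 2
        f.reasons.append(f"{len(keywords)} keyword triggers (broad collection, not one topic)")

    if any(PHONE_RE.match(k) or EMAIL_RE.match(k) for k in keywords):
        f.score += 1
        f.reasons.append("keyword list names specific phone numbers or addresses (person targeting)")

    if rule.get("mark_as_read") or rule.get("delete_after_forward"):
        f.score += 1
        f.reasons.append("marks or deletes forwarded mail, hiding it from the owner")
    return f


def hunt(rules: list[dict], internal_domains: set[str] = INTERNAL_DOMAINS) -> list[Finding]:
    """Return findings for all externally forwarding rules, highest score first."""
    findings = [f for r in rules if (f := analyze_rule(r, internal_domains)) is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in hunt(SAMPLE_RULES):
        print(f"[{f.score}] {f.owner} / {f.rule}")
        for reason in f.reasons:
            print("    -", reason)
```

On real data the platform-specific part is the loader; the scoring thresholds (the keyword count in particular) should be tuned against what ordinary rules in the tenant look like, and any hit on a consumer webmail destination is worth reviewing even when the score is otherwise low.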
Google confirmed it has since identified the affected institutions across the U.S. and Canada and notified them of the breaches to begin network remediation.