Khaberni - On Monday, Google said a hacking group linked to China spent over a year stealthily stealing data from academic, medical, and military research institutions in the United States and Canada, before being discovered.
Between September 2023 and November 2025, the hackers sought to obtain information related to defense intelligence, military strategy in the Indian and Pacific Ocean region, artificial intelligence, unmanned vehicles, cybersecurity warfare programs, and medical research, according to a report from Google's Threat Intelligence Group.
Google did not disclose the names of the targeted institutions, but said that their work spans a wide range of areas, from drug discovery and clinical trials to public health policy and military preparedness, and that these institutions collectively employ thousands of people with research budgets totaling billions of dollars, according to Reuters.
Google attributed this campaign to a hacking group it calls “UNC6508”, which is a relatively new and not widely known entity in the field of cyber espionage.
Luke McNamara, a senior analyst at Google's “Threat Intelligence Group”, said the methods of this group generally align with hacking activities linked to China observed over many years, focusing on gathering information believed to be of interest to the Chinese government.
The Chinese embassy in Washington did not immediately respond to a request for comment. Beijing has repeatedly denied conducting or supporting any illegal hacking activities.
The earliest known activities associated with this campaign date back to September 2023, when the hackers exploited security vulnerabilities in servers running the “REDCap” platform, a web application widely used by non-profit organizations for creating and managing surveys and databases online.
Using customized malicious software, the hackers stole legitimate login credentials to “REDCap” to access targeted networks. They then created a system for automatically redirecting emails containing any of about 150 keywords and search phrases to a Gmail account they controlled, according to the researchers.
The keywords and search phrases included phone numbers and email addresses of people inside the targeted institutions, in addition to terms related to geostrategic policies, military strategy, advanced technologies, and medical research.
Eventually, Google identified several compromised institutions in the United States and Canada and notified each of them, according to the researchers.



