A Chinese-linked hacking group spent more than a year covertly stealing data from academic, medical, and military research institutions in the United States and Canada before being detected, Reuters reported, citing a report released by Google on Monday.
Between September 2023 and November 2025, the hackers sought information related to defense intelligence, Indo-Pacific military strategy, artificial intelligence, unmanned systems, cyber warfare programs, and medical research, Google's Threat Intelligence Group said.
Google did not identify the targeted organizations but said they operate across a broad range of fields, including drug discovery, clinical trials, public health policy, and military readiness. Collectively, the institutions employ thousands of people and manage research budgets worth billions of dollars.
Google attributed the campaign to UNC6508, a relatively new cyberespionage group. Luke McNamara, deputy chief analyst at Google's Threat Intelligence Group, said the group's tactics were consistent with long-standing Chinese-linked intelligence-gathering operations focused on acquiring information of strategic value to the Chinese government.
The Chinese Embassy in Washington did not immediately respond to a request for comment. Beijing has repeatedly denied conducting or supporting cyberespionage activities.
The earliest known activity linked to the campaign dates to September 2023, when the hackers exploited vulnerabilities in servers running REDCap, a web application widely used by research institutions and nonprofits to manage surveys and databases.
Using custom-built malware, the attackers stole legitimate REDCap login credentials and used them to gain access to targeted networks. Once inside, they established an automated system that forwarded emails containing any of nearly 150 keywords and search terms to a Gmail account under their control, according to Google researchers.
The monitored terms included phone numbers and email addresses associated with personnel at the targeted institutions, as well as keywords related to geopolitical strategy, military affairs, advanced technologies, and medical research.
The operation highlighted the growing importance of research institutions in global cyberespionage campaigns, as advances in technology, defense, and healthcare increasingly become matters of national and strategic interest.
Bd-pratidin English/ Jisan