
Chinese-linked hackers targeted US, Canadian research facilities for a year – Google

A Chinese-linked hacking group, identified by Google as UNC6508, conducted a cyberespionage campaign targeting U.S. and Canadian academic, medical, and military research institutions between September 2023 and November 2025. The hackers focused on sensitive areas such as defense intelligence, military strategy in the Indo-Pacific, artificial intelligence, unmanned vehicles, cyber warfare programs, and medical research. Google reported that the targeted organizations spanned various fields including drug discovery, clinical trials, public health policy, and military readiness, with a combined scientific research


Google attributes the campaign to a hacking group it calls UNC6508, a relatively new and little-known cyberespionage player

A Chinese-linked hacking group spent more than a year secretly stealing data from US and Canadian academic, medical, and military research institutions before being detected, Google said on Monday, June 15.

Between September 2023 and November 2025, the hackers sought information related to defense intelligence, military strategy in the Indo-Pacific, artificial intelligence, unmanned vehicles, cyber warfare programs, and medical research, Google’s Threat Intelligence Group said in a report.

Google did not name the targeted organizations, but said their work covered a broad range of fields, from drug discovery and clinical trials to public health policy and military readiness, and that they collectively employ thousands of people with a combined research budget running into the billions of dollars.

Google has attributed the campaign to a hacking group it calls UNC6508, a relatively new and little-known cyberespionage player. Luke McNamara, deputy chief analyst at Google Threat Intelligence Group, said the organization’s methods are broadly consistent with Chinese-linked hacking activity seen over many years, focused on gathering information likely to be of interest to the Chinese government.

The Chinese Embassy in Washington did not immediately respond to a request for comment. Beijing regularly denies carrying out or condoning illicit hacking activity.

The earliest known activity tied to the campaign dates to September 2023, when the hackers exploited vulnerabilities in servers running REDCap, a web application widely used by nonprofits to build and manage online surveys and databases. Using custom-built malicious software, the hackers stole legitimate REDCap login credentials to gain access to the targeted networks. They then set up a system to automatically forward emails containing any of nearly 150 keywords and search terms to a Gmail account they controlled, the researchers said.

REDCap did not respond to a request for comment.

The keywords and search terms included phone numbers and email addresses for people at targeted organizations, as well as terms related to geo-strategic policy, military strategy, advanced technology, and medical research.

Google eventually identified multiple compromised organizations across the U.S. and Canada and notified each of them, the researchers said. – Rappler.com
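
A defender-side check for the keyword-triggered forwarding described above, added here as an example and not taken from the Rappler article or from Google's report: it scores exported mail-forwarding rules and flags those that send keyword-matched mail to an outside consumer webmail account. The rule schema, domain names, thresholds and sample rules are assumptions constructed for illustration, and the article does not say which mail platform was involved.

```python
# Added example: audit exported mail-forwarding rules for keyword-triggered
# forwarding to outside mailboxes. The rule schema below is hypothetical.
INTERNAL_DOMAINS = {"research.example"}   # assumption: the organization's own domains
CONSUMER_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
KEYWORD_THRESHOLD = 20                    # assumption: tune per environment

# Constructed sample rules, not taken from the Google report.
SAMPLE_RULES = [
    {"mailbox": "pi@research.example", "name": "archive",
     "forward_to": "records@research.example", "keywords": []},
    {"mailbox": "lab@research.example", "name": "sync",
     "forward_to": "example.placeholder@gmail.com",
     "keywords": [f"term{i}" for i in range(150)]},
    {"mailbox": "admin@research.example", "name": "vendor",
     "forward_to": "support@vendor.example", "keywords": ["invoice"]},
]

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def score_rule(rule):
    """Return (score, reasons) for one rule; score 0 means internal-only."""
    dest = domain_of(rule["forward_to"])
    if dest in INTERNAL_DOMAINS:
        return 0, []
    score, reasons = 1, [f"forwards outside the organization ({dest})"]
    if dest in CONSUMER_WEBMAIL:
        score += 2
        reasons.append("destination is a consumer webmail account")
    n = len(rule.get("keywords", []))
    if n:
        score += 1
        reasons.append(f"forwarding is conditional on {n} keyword(s)")
    if n >= KEYWORD_THRESHOLD:
        score += 2
        reasons.append("keyword list is unusually long")
    return score, reasons

def audit(rules, min_score=3):
    """Return findings with score >= min_score, highest score first."""
    findings = []
    for rule in rules:
        score, reasons = score_rule(rule)
        if score >= min_score:
            findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                             "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f["score"], f["mailbox"], f["rule"], "; ".join(f["reasons"]))
```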


Read the full article at Rappler
Source document: Google Threat Intelligence Group Report


Bias read (Center): The article presents factual information without overtly biased language or framing. It reports on a cybersecurity incident attributed to a specific hacking group without taking a stance on geopolitical issues or using loaded terms.

Official sources cited

  • organisation Google Threat Intelligence Group Report
