BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

China-Linked Spy Group Hits North American Research

UNC6508 group stole US military, AI, and medical research via backdoored servers.

  • A China-linked espionage group, UNC6508, secretly infiltrated North American research networks for over a year.
  • The attackers used a backdoor called INFINITERED to compromise REDCap servers and steal login credentials.
  • They exfiltrated sensitive emails by abusing Google Workspace’s own content compliance rules, copying messages to a secret inbox.
  • The stolen data focused on military, AI, and medical research, including specific terms like chikungunya.
  • Google’s Threat Intelligence Group reported the campaign and disrupted the infrastructure.

A China-linked espionage group compromised medical, academic, and military research networks across the US and Canada for more than a year. Google’s Threat Intelligence Group detailed this campaign in a new report, attributing it to a cluster tracked as UNC6508.

- Advertisement -

The attackers first breached externally facing REDCap servers, possibly targeting older, vulnerable versions. Consequently, they deployed custom malware that hijacked the server’s upgrade process to maintain persistence.

This malware, named INFINITERED, secretly harvested usernames and passwords from the login page. It then acted as a backdoor, accepting commands through HTTP cookies on every page load.

After moving laterally with stolen credentials, the group gained domain administrator access. They then weaponized a legitimate Google Workspace feature to steal email without detection.

UNC6508 created a content compliance rule that monitored for nearly 150 specific keywords. Whenever a matching email was sent, the system automatically BCC’d a copy to an attacker-controlled Gmail address.

- Advertisement -

The targeted search terms revealed a focus on geo-strategic policy and advanced technology. One notably specific keyword was chikungunya, a virus behind a 2025 outbreak in China.

Google recommends patching all external REDCap servers and removing old versions entirely. Organizations must also audit their cloud mail rules for any unauthorized forwarding instructions.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Iranian Cavern Manticore Hacks Israeli Firms

An Iranian state-backed hacking group is using a new modular C2 framework, Cavern, targeting...

Microsoft Cuts 4,800 Jobs; Dow Hits Record High

Major U.S. stock indices rose on Monday, led by a rebound in technology and...

Saylor’s Strategy Sells $216M in Bitcoin At a Loss

Michael Saylor’s Strategy sold 3,588 BTC for $216 million, marking its first major sale...

New Linux KVM Bug Lets Guest Crash Host

A critical vulnerability dubbed 'Januscape' (CVE-2026-53359) allows a guest virtual machine to panic or...

Microsoft lays off 1,600, refocuses Xbox on AI

Microsoft is laying off approximately 1,600 Xbox employees immediately and eliminating another 1,250 roles...

Must Read

Buy Domain With Bitcoin: Top 8 Domain Registrars That Accept Bitcoin And Crypto

You are here because you want to buy a domain with bitcoin, right? If you are looking for domain registrars that accept bitcoin or...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading