- A China-linked espionage group, UNC6508, secretly infiltrated North American research networks for over a year.
- The attackers used a backdoor called INFINITERED to compromise REDCap servers and steal login credentials.
- They exfiltrated sensitive emails by abusing Google Workspace’s own content compliance rules, copying messages to a secret inbox.
- The stolen data focused on military, AI, and medical research, including specific terms like chikungunya.
- Google’s Threat Intelligence Group reported the campaign and disrupted the infrastructure.
A China-linked espionage group compromised medical, academic, and military research networks across the US and Canada for more than a year. Google’s Threat Intelligence Group detailed this campaign in a new report, attributing it to a cluster tracked as UNC6508.
The attackers first breached externally facing REDCap servers, possibly targeting older, vulnerable versions. They then deployed custom malware that hijacked the server’s upgrade process to maintain persistence.
This malware, named INFINITERED, secretly harvested usernames and passwords from the login page. It then acted as a backdoor, accepting commands through HTTP cookies on every page load.
After moving laterally with stolen credentials, the group gained domain administrator access. They then weaponized a legitimate Google Workspace feature to steal email without detection.
UNC6508 created a content compliance rule that monitored for nearly 150 specific keywords. Whenever a matching email was sent, the system automatically BCC’d a copy to an attacker-controlled Gmail address.
The targeted search terms revealed a focus on geo-strategic policy and advanced technology. One notably specific keyword was chikungunya, a virus behind a 2025 outbreak in China.
Google recommends patching all external REDCap servers and removing old versions entirely. Organizations must also audit their cloud mail rules for any unauthorized forwarding instructions.
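As an added example (not code from the report, from Google, or from any real Workspace API), the audit step above can be scripted: the snippet below walks a rule export and flags any content compliance rule that adds an external recipient (the BCC trick described above) or matches an unusually large keyword list. The export format, the organization's domain, and the sample rules are all constructed assumptions.

```python
"""Audit exported mail content-compliance rules for attacker-style BCC actions.

Assumed export format (constructed for this example, not Google's real output):
a list of dicts with 'name', 'match_terms', and 'actions'.
"""
from dataclasses import dataclass, field

ORG_DOMAINS = {"example-university.edu"}  # constructed: the audited org's own domains

# Constructed sample export modelled on the technique described in the article:
# one benign rule, one broad keyword rule that BCCs an external Gmail address,
# and one rule with no recipient action at all.
SAMPLE_RULES = [
    {"name": "Legal retention",
     "match_terms": ["subpoena", "litigation hold"],
     "actions": [{"type": "add_recipient",
                  "address": "legal-archive@example-university.edu"}]},
    {"name": "Policy Update",
     "match_terms": ["chikungunya", "hypersonic", "model weights"]
                    + [f"term{i}" for i in range(140)],
     "actions": [{"type": "add_recipient", "mode": "bcc",
                  "address": "backup.archive2025@gmail.com"}]},
    {"name": "Quarantine invoices",
     "match_terms": ["invoice"],
     "actions": [{"type": "quarantine"}]},
]


@dataclass
class Finding:
    rule: str
    reasons: list[str] = field(default_factory=list)


def _is_external(address: str, org_domains: set[str]) -> bool:
    """True when the recipient's domain is not one the organization owns."""
    return address.rsplit("@", 1)[-1].lower() not in org_domains


def audit_rules(rules, org_domains=ORG_DOMAINS, keyword_threshold=50):
    """Return one Finding per suspicious rule; an empty list means nothing flagged."""
    findings = []
    for rule in rules:
        reasons = []
        for action in rule.get("actions", []):
            if action.get("type") == "add_recipient" and _is_external(action["address"], org_domains):
                reasons.append(f"adds external recipient {action['address']} "
                               f"({action.get('mode', 'cc')})")
        terms = rule.get("match_terms", [])
        if len(terms) >= keyword_threshold:
            reasons.append(f"matches {len(terms)} keywords (broad collection pattern)")
        if reasons:
            findings.append(Finding(rule["name"], reasons))
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f.rule, "->", "; ".join(f.reasons))
```

Run against a real export, the hit list is the set of rules to verify with whoever owns the mail configuration; an external Gmail recipient on a broad keyword rule is the exact pattern described above.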
