PROBABLYPWNED
Threat Intelligence · June 16, 2026 · 4 min read

Chinese Hackers Stole US Defense, AI Data for 14 Months Undetected

Google TAG exposes UNC6508 campaign that compromised US and Canadian medical, academic, and military research labs since September 2023 using custom INFINITERED malware.

Alex Kowalski

A Chinese-linked hacking group spent more than 14 months stealing defense intelligence, AI research, and medical data from North American institutions before anyone noticed. Google's Threat Intelligence Group disclosed the campaign on June 15, attributing it with high confidence to a cluster it tracks as UNC6508.

The attackers compromised REDCap servers—a web application widely used by research institutions to manage surveys and databases—then abused Google Workspace's own features to silently exfiltrate matching emails to attacker-controlled inboxes.

How UNC6508 Operated

The campaign ran from September 2023 through November 2025, targeting medical providers, academic research centers, military health institutions, and government advocacy groups across the United States and Canada.

According to Google's Threat Intelligence Group, UNC6508 gained initial access by probing vulnerable REDCap installations. Google didn't identify a specific CVE but observed the group targeting "older, vulnerable" servers running outdated versions.

Once inside, the attackers deployed custom malware called INFINITERED that performed three functions: hijacking upgrade processes to maintain persistence across REDCap updates, harvesting credentials from the login page, and operating as a backdoor that accepted commands through HTTP cookies. The persistence technique mirrors approaches we've documented in other Chinese web shell frameworks targeting externally-facing servers.

After gaining initial access, UNC6508 conducted internal reconnaissance, harvested additional credentials, and escalated to domain administrator accounts—a pattern consistent with other Chinese APT operations we've tracked this year.

Abusing Google Workspace for Exfiltration

The most notable aspect of this campaign was how UNC6508 weaponized legitimate Google Workspace features against victims.

The attackers created content compliance rules—a built-in administrative feature—that watched for nearly 150 keywords related to their intelligence priorities. One rule was misspelled as "Patroit" instead of "Patriot," providing a forensic breadcrumb that helped investigators identify compromised environments.

When emails matched these keywords, the rules automatically BCCed copies to an attacker-controlled Gmail inbox. Victims had no indication their messages were being siphoned.

What They Stole

UNC6508's collection priorities reveal a broad intelligence mandate:

  • Geo-strategic policy documents related to military strategy in the Indo-Pacific
  • Military equipment specifications and cyber warfare programs
  • Advanced technology research focused on AI and uncrewed vehicles
  • Medical research data, notably studies on chikungunya virus

The interest in chikungunya research coincided with a 2025 outbreak in China's Guangdong province—suggesting intelligence collection aligned with domestic health concerns alongside traditional espionage targets.

Detection and Attribution

Google TAG attributed the campaign to UNC6508 "with high confidence," linking it to Chinese state-backed actors. The attribution rests on infrastructure overlap, malware characteristics, and targeting patterns consistent with known Chinese intelligence priorities.

The 14-month dwell time before detection underscores how stealthy this operation was. UNC6508 avoided deploying commodity malware or triggering behavioral alerts by relying on legitimate platform features for exfiltration rather than traditional command-and-control infrastructure.

Organizations that use REDCap should review their Google Workspace admin logs for suspicious content compliance rules, audit OAuth application access, and check for unexpected email forwarding configurations.

Why This Matters

This campaign represents a textbook example of how nation-state actors increasingly leverage legitimate cloud services to blend into normal traffic. By abusing Google Workspace rather than establishing external C2 infrastructure, UNC6508 evaded network-based detection that would flag suspicious outbound connections.

The targeting of medical research institutions adds another dimension. While defense and AI research make obvious espionage targets, the theft of chikungunya studies suggests Chinese intelligence services maintain broader collection priorities that extend to public health data—a pattern we've seen before with COVID-related targeting during the pandemic.

For organizations in the academic and research sectors, this campaign is a reminder that security controls on externally-facing applications like REDCap deserve the same rigor as corporate email systems. The initial compromise enabled everything that followed.

Administrators should also recognize that cloud productivity features can become attack vectors. Content compliance rules, email forwarding, and OAuth apps all provide persistence mechanisms that survive password resets and can operate invisibly for extended periods. Regular audits of these configurations should be standard practice for any organization handling sensitive research data.
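The audit recommended above (here and under "Detection and Attribution") can be started with a small script over exported Workspace admin audit events. The example below is added here and is not code from Google or from the original article; the one-JSON-object-per-line event shape and field names are an assumption made for illustration, not the real Admin SDK schema, and the sample events are constructed. It flags content compliance or forwarding rules that copy mail to addresses outside the organization's domains, rules with unusually large keyword lists (the campaign used nearly 150), and the misspelled "Patroit" keyword reported as a forensic breadcrumb.

```python
import json
from typing import Dict, List

# Constructed sample of admin audit events in a simplified, assumed shape.
SAMPLE_LOG = """
{"event":"content_compliance_rule_created","actor":"admin@lab.example.edu","rule":"Legal hold","keywords":["subpoena","litigation"],"bcc":["legal@lab.example.edu"]}
{"event":"content_compliance_rule_created","actor":"admin@lab.example.edu","rule":"Archive","keywords":["Patroit","Indo-Pacific","uncrewed","chikungunya"],"bcc":["archive-backup@gmail.com"]}
{"event":"forwarding_rule_created","actor":"jdoe@lab.example.edu","rule":"fwd","keywords":[],"bcc":["jdoe.personal@example.net"]}
{"event":"forwarding_rule_created","actor":"asmith@lab.example.edu","rule":"vacation","keywords":[],"bcc":["asmith@lab.example.edu"]}
"""

ORG_DOMAINS = {"lab.example.edu"}   # domains considered internal (assumed for the example)
KEYWORD_THRESHOLD = 25              # ordinary compliance rules rarely match dozens of terms
KNOWN_BREADCRUMBS = {"patroit"}     # misspelled keyword reported in the UNC6508 rules


def is_external(address: str) -> bool:
    """True when the mailbox domain is not one of the organization's domains."""
    return address.rsplit("@", 1)[-1].lower() not in ORG_DOMAINS


def audit_events(lines: str) -> List[Dict]:
    """Return one finding per rule that shows an exfiltration-style trait."""
    findings = []
    for raw in lines.strip().splitlines():
        ev = json.loads(raw)
        reasons = []
        external = [a for a in ev.get("bcc", []) if is_external(a)]
        if external:
            reasons.append("copies mail to external address " + ", ".join(external))
        keywords = ev.get("keywords", [])
        if len(keywords) >= KEYWORD_THRESHOLD:
            reasons.append(f"{len(keywords)} keywords in a single rule")
        hits = sorted(k for k in keywords if k.lower() in KNOWN_BREADCRUMBS)
        if hits:
            reasons.append("known-bad keyword " + ", ".join(hits))
        if reasons:
            findings.append({"rule": ev["rule"], "actor": ev["actor"],
                             "event": ev["event"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_events(SAMPLE_LOG):
        print(f"[{f['event']}] {f['rule']} by {f['actor']}: " + "; ".join(f["reasons"]))
```

Real deployments should pull events from the Admin SDK Reports API (or an exported audit log) and map them into this shape; the thresholds are starting points to tune against your own baseline of legitimate rules.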

Google has notified affected organizations and is working with law enforcement. The company recommends enabling advanced protection features for high-risk users and conducting periodic reviews of Workspace admin configurations.
