Chinese-linked hackers targeted U.S., Canadian research facilities for a year, Google says



(Reuters) - A Chinese-linked hacking group spent more than a year secretly stealing data from U.S. and Canadian academic, medical and military research institutions before being detected, Google said on Monday.

Between September 2023 and November 2025, the hackers sought information related to defense intelligence, military strategy in the Indo-Pacific, artificial intelligence, unmanned vehicles, cyber warfare programs and medical research, Google’s Threat Intelligence Group said in a report.

Google did not name the targeted organizations, but said their work covered a broad range of fields, from drug discovery and clinical trials to public health policy and military readiness, and that they collectively employ thousands of people with a combined research budget running into the billions of dollars.

Google has attributed the campaign to a hacking group it calls UNC6508, a relatively new and little-known cyberespionage player. Luke McNamara, deputy chief analyst at Google Threat Intelligence Group, said the organization's methods are broadly consistent with Chinese-linked hacking activity seen over many years, focused on gathering information likely to be of interest to the Chinese government.

The Chinese Embassy in Washington did not immediately respond to a request for comment. Beijing regularly denies carrying out or condoning illicit hacking activity.

The earliest known activity tied to the campaign dates to September 2023, when the hackers exploited vulnerabilities in servers running REDCap, a web application widely used by nonprofits to build and manage online surveys and databases. Using custom-built malicious software, the hackers stole legitimate REDCap login credentials to gain access to the targeted networks.

They then set up a system to automatically forward emails containing any of nearly 150 keywords and search terms to a Gmail account they controlled, the researchers said.

REDCap did not respond to a request for comment.

The keywords and search terms included phone numbers and email addresses for people at targeted organizations, as well as terms related to geo-strategic policy, military strategy, advanced technology, and medical research.

 

