(CNA, Detroit, 15th, compiled from international reports) Google announced today that a hacker group linked to China had secretly stolen data from academic, medical, and military research institutions in the United States and Canada, going undetected for over a year.

According to a report released by Google's Threat Intelligence team, the hackers targeted information on defense intelligence, Indo-Pacific military strategy, artificial intelligence, drones, cyber warfare plans, and medical research between September 2023 and November 2025.

Google did not disclose the names of the targeted institutions but noted they spanned fields including drug development, clinical trials, public health policy, and military preparedness, collectively employing thousands of staff and managing research budgets totaling several billion dollars.

Google attributed the data theft to a hacker group named UNC6508, a relatively new and little-known cyber espionage group.

Luke McNamara, Deputy Director of Google's Threat Intelligence team, stated that the group's tactics closely resemble long-observed Chinese hacking activities, primarily focused on gathering intelligence of interest to the Chinese government.

China's embassy in the U.S. did not immediately respond to requests for comment. Beijing has consistently denied engaging in or supporting illegal hacking activities.

The cyberattacks date back to September 2023, when hackers exploited a vulnerability in REDCap servers. REDCap is a web application widely used by nonprofit organizations to build and manage online surveys and databases.

Researchers indicated that the hackers used custom-built malware to steal legitimate REDCap login credentials, gaining access to target networks. They then set up systems to automatically forward emails matching a list of nearly 150 keywords and search terms to Gmail accounts under their control.

REDCap did not respond to requests for comment.

The configured keywords and search terms included staff phone numbers and email addresses from targeted institutions, as well as terms related to geopolitical policy, military strategy, advanced technology, and medical research.

Researchers said Google eventually discovered that multiple U.S. and Canadian institutions had been compromised and notified each of them individually. (Compiled by: Chi-Chin Ling) 1150616

FACT BOX

  • Source: CNA (Central News Agency)
  • Category: Taiwan
  • Organizations: Google / REDCap
  • Products / services: REDCap / Gmail