China-Linked Hackers Stole Data For More Than A Year


A suspected China-linked hacking group stole data from US and Canadian academic, medical and military research institutions for more than a year before being detected, Google Threat Intelligence Group said in a new report.

The hacking team, tracked as UNC6508, had hacking systems in place from September 2023 to November 2026, Google said.

The hackers sought materials related to defence intelligence, military strategy in the Indo-Pacific region, AI, unmanned vehicles, cyber warfare programmes and medical research, researchers said.


Espionage

The work of the targeted organisations ranged from drug discovery to public health policy and military readiness, Google said.

“These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies,” researchers said.

GTIG deputy chief analyst Luke McNamara said the methods used by UNC6508 appear broadly consistent with those used by China-linked hackers, with the information sought being of potential interest to China.

The campaign, dating back at least to September 2023, targeted servers running REDCap, a web application used by nonprofits to manage online surveys and databases.

Three months after their initial intrusion, the hackers deployed a custom piece of malware called InfiniteRed to intercept data, harvest credentials and provide backdoor access to the servers.

Research institutions

The malware used legitimate filters to exfiltrate emails related to a list of nearly 150 keywords, sending the messages to a Gmail account the hackers controlled.

The keywords included phone numbers and email addresses of people at the targeted organisations, and terms related to geo-strategic policy, military strategy, advanced technology and medical research.

Google eventually identified several compromised organisations across the US and Canada and notified them, the company said.

China regularly denies engaging in hacking activities.


