Google’s Threat Intelligence Group uncovered a long-running cyber-espionage campaign by the Chinese-linked hacking group UNC6508.
The operation ran from September 2023 to November 2025. Hackers targeted sensitive data from academic, medical, and military research institutions across the U.S. and Canada.
The campaign focused on information regarding defense, artificial intelligence, unmanned vehicles, and medical research. Attackers exploited vulnerabilities in REDCap, a web application used by research organizations to manage surveys and databases.
Google has disrupted the group's infrastructure and notified all affected organizations.