• Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Login
Join Free
Home
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Coming Soon
Job Board
Events
Contact Awards
USMC Deception Manual
Login
Join Free
Home Global Operations Asia

China-Linked Spies Stole Data from Medical, Military Research Networks Across North America for Years

  • SOFX Staff Writer
  • June 17, 2026
(Credit: GagoDesign / Shutterstock)
Share on FacebookShare on TwitterLinkedIn

A China-linked cyberespionage group has been stealing data from medical, academic and military research organizations across North America since at least 2023, according to new findings from Google’s Threat Intelligence Group (GTIG).

The group, identified by Google as UNC6508 repeatedly targeted externally facing REDCap servers, a widely used platform for managing clinical research databases and surveys.

“These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies,” Google’s researchers explained. “Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness.”

Researchers said the threat group breached a medical research university in September 2023, stole credentials and communications, and remained active on the institution’s systems through November 2025, when it was discovered.

GTIG said the group deployed custom malware known as InfiniteRed, described as a toolset that provides dropper, upgrade interception, credential harvesting, backdoor and command-and-control capabilities.

“GTIG discovered multiple organizations across the U.S. and Canada compromised with InfiniteRed,” Google said. “All of these organizations were promptly notified of the compromise upon detection and offered our assistance with remediation.”

Researchers also found that the hackers abused legitimate administrative features to extract sensitive communications, including email content tied to specific topics. The targeting extended beyond medical research into defense and emerging technology sectors.

Luke McNamara, deputy chief analyst at GTIG said the intruders used highly specific search terms while hunting for intelligence.

“We have defense-related activity, which was a significant bulk of the different terms, or emails related to defense platform systems or companies,” McNamara told The Register. “Some of those were looking for any emails that were coming in or going out that used @ and then a big defense name. Others were specific email addresses of individuals at more niche defense companies.”

McNamara added that the hackers also searched for niche medical and biological topics, including the mosquito-borne disease chikungunya.

“We don’t know the full extent or impact of the campaign,” Patrick Whitsell, senior security engineer at GTIG, told CyberScoop. “Given the breadth of the threat actor’s intelligence collection criteria and their ability to remain undetected within compromised networks for more than a year, we assess the known victims likely represent only a fraction of a larger campaign.”

GTIG recommends a layered defense approach to reduce risk from the threat. Key measures include enforcing phishing-resistant two-factor authentication for admin accounts and using advanced protection for high-risk users. 

On the data protection side, GTIG said organizations should implement data loss prevention rules, review compliance and admin logs regularly, and integrate security logs into SIEM platforms for centralized detection and response. Password leak detection tools are also recommended to identify compromised credentials. 

SOFX Staff Writer

SOFX Staff Writer

The Editor Staff at SOFX comprises a diverse, global team of dedicated staff writers and skilled freelancers. Together, they form the backbone of our reporting and content creation.

Subscribe
Login
Notify of
guest
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ADVERTISEMENT

Trending News

Ukraine Said to Deploy AI Drones That Identify Human Targets via Facial and Heat Signatures

Ukraine Said to Deploy AI Drones That Identify Human Targets via Facial and Heat Signatures

by SOFX Staff Writer
May 22, 2026
0

Russian military bloggers claim Ukraine has started deploying drones equipped with artificial intelligence systems capable of identifying and guiding themselves...

Republic of Korea Air Force military police members set up a mobile communication center during an active shooter training event at Daegu Air Base, ROK, April 24, 2023. Before the training event, evaluators ran through the training in a ‘table top’ format. (U.S. Air Force photo by Airman 1st Class Aaron Edwards)

An In-depth Look at Hong Kong’s Special Duties Unit

by SOFX Staff Writer
September 2, 2023
0

The Special Duties Unit (SDU), colloquially known as the ‘Flying Tigers’, is Hong Kong's premier police unit, trained to handle...

Ukraine Opens a Regulated Market to Recruit Foreign Fighters

Ukraine Opens a Regulated Market to Recruit Foreign Fighters

by SOFX Staff Writer
July 6, 2026
9

Ukraine has approved new rules to formally recruit foreign volunteers into its military, allowing only vetted, Ukrainian-registered companies to enlist...

Air Force Sees Highest Promotion Rate to Chief Master Sergeant Since 2016

Air Force Sees Highest Promotion Rate to Chief Master Sergeant Since 2016

by SOFX Staff Writer
January 11, 2024
0

The United States Air Force has announced an increase in the promotion rate for its highest enlisted rank, marking the...

ADVERTISEMENT
ADVERTISEMENT
Next Post
Russian Frigate Fires Warning Shots at British Yacht in English Channel

Russian Frigate Fires Warning Shots at British Yacht in English Channel

Trump Backs Ukraine Pressure as Iran Deal Unlocks G7 Sanctions Push

Trump Backs Ukraine Pressure as Iran Deal Unlocks G7 Sanctions Push

997 Morrison Dr. Suite 200, Charleston, SC 29403

News

  • Global Operations
  • Special Interest
  • Industry
  • Global Operations
  • Special Interest
  • Industry

Resources

  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
No Result
View All Result
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.

Log in to your account

Lost your password?
wpDiscuz