
Google Reports Chinese-Linked Hackers Targeted Medical Research for Over a Year

The sustained, undetected campaign against medical and military research facilities highlights a sophisticated state-linked threat targeting sensitive scientific and defense data.

Reporting from 1 source: GIGAZINE.

The Google Threat Intelligence Group reported on June 16, 2026, that a Chinese-linked hacker group, identified as UNC6508, infiltrated medical research institutions in the US and Canada for over a year without detection. The group exploited REDCap server vulnerabilities, deployed custom malware called INFINITERED, and exfiltrated data using cloud-based compliance rules.

The Google Threat Intelligence Group (GTIG) identified the hacker group as UNC6508 and said the first confirmed breach occurred in September 2023. The group exploited a vulnerability in REDCap, a web application for managing medical research surveys and databases. Three months later, it deployed custom malware called INFINITERED, which stole legitimate login credentials and remained hidden for over a year.

After gaining domain administrator privileges, INFINITERED created a content compliance rule named 'Patriot' that scanned for keywords including 'Indo-Pacific,' 'Southeast Asia,' 'Commands unit,' and 'Artificial Intelligence (AI).' The rule sent matching data to a Gmail account controlled by the hackers. GTIG reported that the group operated until November 2025 and that its infrastructure has since been dismantled.

Synthesized by Yomimono from the 1 cited source below, including Japanese-language reporting where cited, then editorially reviewed before publishing.

Sources