Chinese hackers targeted US, Canadian research facilities for over a year

Created at 15 Jun · 2:11 PM2 sources↑ Market-relevant2 events

IN SHORT

A Chinese-linked hacking group, identified as UNC6508, conducted a year-long cyberespionage campaign targeting U.S. and Canadian academic, medical, and military research institutions. The group sought information on defense, AI, and medical research, exploiting vulnerabilities in REDCap software.

Key Numbers

1 yearduration of hacking campaign

September 2023earliest known activity date

November 2025latest known activity date

150keywords used to filter stolen emails

Who's Involved

UNC6508

Chinese-linked hacking group

Google Threat Intelligence Group

detected the cyberespionage campaign

Luke McNamara

deputy chief analyst at Google Threat Intelligence Group

↳ Why This Matters

The sustained cyberespionage campaign highlights ongoing efforts by state-linked actors to acquire sensitive research and defense information, posing risks to national security and intellectual property.

Key facts

A Chinese-linked hacking group, UNC6508, conducted a cyberespionage campaign for over a year.
Targets included U.S. and Canadian academic, medical, and military research institutions.
Information sought included defense intelligence, military strategy, AI, and medical research.
Hackers exploited vulnerabilities in REDCap software to steal credentials and gain network access.
Google's Threat Intelligence Group detected the campaign and notified affected organizations.

A Chinese-linked hacking group, identified by Google as UNC6508, spent more than a year secretly stealing data from U.S. and Canadian academic, medical, and military research institutions. The campaign, which ran from September 2023 to November 2025, focused on gathering information likely of interest to the Chinese government, including defense intelligence, military strategy in the Indo-Pacific, artificial intelligence, unmanned vehicles, cyber warfare programs, and medical research.

Key facts

A Chinese-linked hacking group, UNC6508, conducted a cyberespionage campaign for over a year.

Targets included U.S. and Canadian academic, medical, and military research institutions.

Information sought included defense intelligence, military strategy, AI, and medical research.

Hackers exploited vulnerabilities in REDCap software to steal credentials and gain network access.

Google's Threat Intelligence Group detected the campaign and notified affected organizations.

Chinese hackers targeted US, Canadian research facilities for over a year

Key Numbers

Who's Involved

↳ Why This Matters

Key facts

Chinese hackers targeted US, Canadian research facilities for over a year

Key Numbers

Who's Involved

↳ Why This Matters

Key facts

Frequently asked questions

What Happens Next

Get the newsletter.

How It Developed

Sources

Related Stories

Chinese hackers targeted US, Canadian research facilities for over a year

PiQ Daily

Key Numbers

Who's Involved

↳ Why This Matters

Key facts

Chinese hackers targeted US, Canadian research facilities for over a year

PiQ Daily

Key Numbers

Who's Involved

↳ Why This Matters

Key facts

Frequently asked questions

+ What is UNC6508?

+ How did the hackers gain access?

+ What kind of information were the hackers seeking?

+ Which organizations were targeted?

What Happens Next

Get the newsletter.

How It Developed

Sources

Related Stories