By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: The incredible stealth of a Chinese operation against medical research
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > Computing > The incredible stealth of a Chinese operation against medical research
Computing

The incredible stealth of a Chinese operation against medical research

News Room
Last updated: 2026/06/16 at 6:01 AM
News Room Published 16 June 2026
Share
The incredible stealth of a Chinese operation against medical research
SHARE

The Google Threat Intelligence Group (GTIG) uncovered a spying campaign attributed to the group UNC6508affiliated with China. Assets of September 2023 to November 2025attackers targeted a wide range of academic, medical and military research organizations in the United States and Canada.

Their goal was to collect strategic intelligence on topics as varied as defense, operations in the Indo-Pacific region, artificial intelligence and cutting-edge medical research.

How did the attackers manage to infiltrate?

The initial entry point was theoperation of REDCap serversa web application widely used in the research community for managing databases and online surveys.

While the exact access vector has not been formally identified, Google researchers observed that UNC6508 probed old and vulnerable versions of this solution.

About three months after the first compromises, the attackers deployed a custom malware named INFINITERED. Specifically designed for REDCap systems, it integrates unobtrusively into legitimate system files.

The malware performs three main functions: intercepting the update process to ensure its persistence, collecting login credentials and acting as a backdoor that can be controlled remotely via commands hidden in HTTP cookies.

What was their method of exfiltrating the data?

The most innovative part of this campaign lies in the data exfiltration technique, a method never before observed among actors linked to China.

After gaining administrator access using the stolen credentials, UNC6508 abused a legitimate functionality of Google Workspace : content compliance rules. These rules, designed to manage sensitive communications, have been diverted from their initial use.

The attackers created a rule, misspelled “Patroit”, that scanned all incoming and outgoing emails. If a message contained one of nearly 150 predefined keywords (related to geostrategy, military technologies or medical research), it was automatically and silently forwarded in hidden copy to a Gmail address controlled by the attackers.

This stealthy approach enabled continuous data exfiltration without generating suspicious network traffic or requiring additional malware tools on email servers.

Recommended protective measures

To protect against such threats, Google recommends several measures, including updating REDCap servers and removing old versions.

Administrators should also regularly audit compliance and email forwarding rules for unauthorized changes.

Deploying phishing-resistant multi-factor authentication on privileged accounts, such as administrators, remains a critical defense to prevent the initial access that makes this type of exfiltration possible.

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article 13 reasons against SQL | Computer Week 13 reasons against SQL | Computer Week
Next Article Google was found responsible for false information generated by its AI Google was found responsible for false information generated by its AI
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

Humanoid robots: Why AI can make machines not smarter, but more dangerous
Humanoid robots: Why AI can make machines not smarter, but more dangerous
Gadget
Why Trust Signals SEO Are Central To Search Performance
Blog
at almost -53%, all the vloggers are fighting for it
at almost -53%, all the vloggers are fighting for it
Mobile
Attack on freedom of information: Transparency officers defend themselves against IFG reform
Attack on freedom of information: Transparency officers defend themselves against IFG reform
Software

You Might also Like

Isaac 1, the robot that wants to do your cleaning, but at an exorbitant price
Computing

Isaac 1, the robot that wants to do your cleaning, but at an exorbitant price

6 Min Read
Italy takes inspiration from Switzerland to transform its rails into solar power plants
Computing

Italy takes inspiration from Switzerland to transform its rails into solar power plants

4 Min Read
Spotify removes fraudulent streams linked to online betting
Computing

Spotify removes fraudulent streams linked to online betting

2 Min Read
Can carbon really defy the laws of superconductivity?
Computing

Can carbon really defy the laws of superconductivity?

5 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?