cross-posted from: https://scribe.disroot.org/post/9548496
Chinese government spies remained hidden in the networks of multiple North American medical and military research organizations for more than a year, deploying custom malware and snooping through Gmail inboxes and stealing sensitive data.
This PRC-nexus espionage crew, which Google tracks as UNC6508, used some particularly noteworthy search terms as they were scanning for data to steal. They included such esoteric topics as drone technology and a viral disease that spreads from mosquitoes to humans.
“It’s one of the most interesting grocery shopping lists of things to collect that I’ve seen from a state-sponsored actor,” Luke McNamara, deputy chief analyst at Google Threat Intelligence Group, told The Register.
“We have defense-related activity, which was a significant bulk of the different terms, or emails related to defense platform systems or companies,” McNamara said. “Some of those were looking for any emails that were coming in or going out that used @ and then a big defense name. Others were specific email addresses of individuals at more niche defense companies.”
…
While most of the terms related to defense and technology, the intruders also searched for some medical research facilities – and the very specific pathogen, “Chikungunya,” a viral disease transmitted to humans from mosquitoes that was responsible for an outbreak in China’s Guangdong province in July 2025.
Google won’t say how many organizations were compromised in this campaign. A Monday report said the operation targeted several national, state, and private medical entities.
“These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies,” according to the report. “Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness.”
…
Incident responders first detected this campaign in early 2025, but told us it dates back to at least 2023. And all of these attacks began with the digital intruders somehow exploiting externally facing REDCap (Research Electronic Data Capture) servers. These servers are primarily used by universities, hospitals, and research institutions to build and manage online databases and surveys, and to store sensitive clinical research data.
The earliest known intrusion happened in September 2023, when UNC6508 compromised a REDCap server belonging to a North American medical research institution. McNamara told us that all of the intrusions followed this same pattern.
…
As opposed to Google, who also does this?
Can you elaborate? This is the first time I’m hearing of Google spying on China’s critical infrastructure for the government.
As opposed to Google spying on us.
Are you in full seriousness comparing foreign governments spying on military and medical networks to Google trying to find out what to advertise to you? Man, the whataboutism is reaching new heights.
It’s amazing when a person takes a comment, lights that gas lamp, and drags me into a direction only they want to go.
You made the comment. I’m ridiculing it.
With such confidence, yet such ignorance to its actual meaning. I hope you’ve received the dopamine you were after. I know I have.
My ignorance to the meaning behind it? Do educate me on how a company collecting user data is anywhere close to military espionage.
Like, don’t get me wrong, we all like to shit on the US, capitalism, spying, etc. but I’ve grown tired of, without fail, always seeing “but US” comments under every post that says something bad about what China is doing, as if that somehow excludes other bad actors. I’m convinced this is an actual strategy used by the CCP, just like how it was an official strategy of the CCCP/USSR.
Google why Google is banned in China.
I honestly don’t care. There might have been a good reason for it, but I simply have no sympathy towards Google. I was basically baiting him into admitting that the comparison is kinda stupid.
Google why is Wikipedia banned in China
And I was trying to get you to understand why the comparison is apt. Google acted as an arm of the US government and was stealing data that it shared with the US government. Additionally the infrastructure it planned to install in order to increase performance in China was suspected of sending non-Google related data to the US government permanently.
Wikipedia is banned for similar reasons (and also spreading misinformation as fact, but you aren’t ready for that conversation.)
I was with you with the first half, but clearly we live in different worlds where your information comes from closed curated sources, while I obtain it worldwide (I’m from East Europe not US) and logically assume the truth from all available data. You’re not ready for this conversation either. Have a good day.
Google does it because they want to enslave you to the mock capitalist teat. China does it because they want to enslave you to the mock socialist teat. It’s very different.
I don’t think China cares much about citizens in other countries
I know of only one country that actively messes with people in foreign countries. Granted, they’re mostly Chinese, but still. Chinese foreign police stations have been well documented.
> I know of only one country that actively messes with people in foreign countries.

The US, who frequently kills and kidnaps leaders and politicians of sovereign countries without a declaration of war?

> Granted, they’re mostly Chinese, but still. Chinese foreign police stations have been well documented.

Oh no, it’s been infected by sinophobic propaganda that’s easily disproved and is entirely illogical.
Can’t disagree with that.




