World News@lemmy.worldEnglish · 22 hours ago

China-linked spies hid inside North American medical and military networks for more than a year, snooping through Gmail and stealing data

www.theregister.com

China-linked spies hid inside North American medical and military networks for more than a year, snooping through Gmail and stealing data

www.theregister.com

Scotty@scribe.disroot.org to

World News@lemmy.worldEnglish · 22 hours ago

PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data

www.theregister.com

Google says the intruders were on the hunt for everything from drone tech to pathogens

cross-posted from: https://scribe.disroot.org/post/9548496

Chinese government spies remained hidden in the networks of multiple North American medical and military research organizations for more than a year, deploying custom malware and snooping through Gmail inboxes and stealing sensitive data.

This PRC-nexus espionage crew, which Google tracks as UNC6508, used some particularly noteworthy search terms as they were scanning for data to steal. They included such esoteric topics as drone technology and a viral disease that spreads from mosquitoes to humans.

“It’s one of the most interesting grocery shopping lists of things to collect that I’ve seen from a state-sponsored actor,” Luke McNamara, deputy chief analyst at Google Threat Intelligence Group, told The Register.

“We have defense-related activity, which was a significant bulk of the different terms, or emails related to defense platform systems or companies,” McNamara said. “Some of those were looking for any emails that were coming in or going out that used @ and then a big defense name. Others were specific email addresses of individuals at more niche defense companies.”

…

While most of the terms related to defense and technology, the intruders also searched for some medical research facilities – and the very specific pathogen, “Chikungunya,” a viral disease transmitted to humans from mosquitoes that was responsible for an outbreak in China’s Guangdong province in July 2025.

Google won’t say how many organizations were compromised in this campaign. A Monday report said the operation targeted several national, state, and private medical entities.

“These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies,” according to the report. “Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness.”

…

Incident responders first detected this campaign in early 2025, but told us it dates back to at least 2023. And all of these attacks began with the digital intruders somehow exploiting externally facing REDCap (Research Electronic Data Capture) servers. These servers are primarily used by universities, hospitals, and research institutions to build and manage online databases and surveys, and to store sensitive clinical research data.

The earliest known intrusion happened in September 2023, when UNC6508 compromised a REDCap server belonging to a North American medical research institution. McNamara told us that all of the intrusions followed this same pattern.

…

You must log in or register to comment.

Chat

kibblebits@quokk.au
link
fedilink
English
arrow-up
9·
22 hours ago
As opposed to Google, who also does this?
- Miller@lemmy.world
  link
  fedilink
  English
  arrow-up
  6·
  21 hours ago
  Google does it because they want to enslave you to the mock capitalist teat. China does it because they want to enslave you to the mock socialist teat. Its very different.
  - inari@piefed.zip
    link
    fedilink
    English
    arrow-up
    3·
    16 hours ago
    I don’t think China cares much about citizens in other countries
  - kibblebits@quokk.au
    link
    fedilink
    English
    arrow-up
    2·
    21 hours ago
    Can’t disagree with that.

World News@lemmy.world

world@lemmy.world

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A community for discussing events around the World

Rules:

Rule 1: posts have the following requirements:
- Post news articles only
- Video links are NOT articles and will be removed.
- Title must match the article headline
- Not United States Internal News
- Recent (Past 30 Days)
- Screenshots/links to other social media sites (Twitter/X/Facebook/Youtube/reddit, etc.) are explicitly forbidden, as are link shorteners.
Rule 2: Do not copy the entire article into your post. The key points in 1-2 paragraphs is allowed (even encouraged!), but large segments of articles posted in the body will result in the post being removed. If you have to stop and think “Is this fair use?”, it probably isn’t. Archive links, especially the ones created on link submission, are absolutely allowed but those that avoid paywalls are not.
Rule 3: Opinions articles, or Articles based on misinformation/propaganda may be removed.
Rule 4: Posts or comments that are homophobic, transphobic, racist, sexist, anti-religious, or ableist will be removed. “Ironic” prejudice is just prejudiced.
Posts and comments must abide by the lemmy.world terms of service UPDATED AS OF OCTOBER 19 2025
Rule 5: Keep it civil. It’s OK to say the subject of an article is behaving like a (pejorative, pejorative). It’s NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.

Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to “Mom! He’s bugging me!” and “I’m not touching you!” Going forward, slapfights will result in removed comments and temp bans to cool off.

Rule 6: Memes, spam, other low effort posting, reposts, misinformation, advocating violence, off-topic, trolling, offensive, regarding the moderators or meta in content may be removed at any time.
Rule 7: We didn’t USED to need a rule about how many posts one could make in a day, then someone posted NINETEEN articles in a single day. Not comments, FULL ARTICLES. If you’re posting more than say, 10 or so, consider going outside and touching grass. We reserve the right to limit over-posting so a single user does not dominate the front page.

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.

Lemmy World Partners

News [email protected]

Politics [email protected]

World Politics [email protected]

Recommendations

How to spot Misinformation and Propaganda

For Firefox users, there is media bias / propaganda / fact check plugin.

https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/

Consider including the article’s mediabiasfactcheck.com/ link

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

2.31K users / day
5.86K users / week
10K users / month
22.5K users / 6 months
1 local subscriber
56.6K subscribers
17K Posts
260K Comments
Modlog