A Chinese-linked hacking group secretly targeted US and Canadian research institutions for over two years, raising concerns about cyberespionage, national security, and the growing value of scientific research.
 |
| A covert cyber campaign linked to China targeted academic, medical, and military research organizations across the US and Canada, exposing growing risks facing research institutions worldwide. Image: CH |
Tech Desk — June 15, 2026:
A Chinese-linked hacking group spent more than two years quietly infiltrating research institutions across the United States and Canada, collecting sensitive information tied to defense, healthcare, artificial intelligence, and military strategy before the operation was uncovered, according to a report released by Google on Monday.
The campaign highlights how research organizations have become increasingly valuable targets in the global race for technological and strategic advantage. Universities, medical centers, and defense-related research facilities now hold information that can influence economic competitiveness, military planning, and national security.
Google's Threat Intelligence Group attributed the activity to a cyberespionage group known as UNC6508. The company said the hackers operated undetected between September 2023 and November 2025, focusing on institutions involved in a wide range of research fields.
While Google did not name the affected organizations, it said the targets included institutions working on drug discovery, clinical trials, public health policy, military readiness, and advanced technology development. Together, these organizations employ thousands of researchers and manage billions of dollars in research funding.
According to Google, the attackers were particularly interested in information related to defense intelligence, Indo-Pacific military strategy, cyber warfare programs, artificial intelligence, and unmanned systems. Such topics are increasingly viewed as critical assets in the strategic competition between major powers.
The operation reportedly began when hackers exploited vulnerabilities in REDCap, a web application commonly used by research institutions and nonprofit organizations to manage databases and surveys. By taking advantage of weaknesses in the software, the attackers gained access to legitimate user credentials.
Instead of launching disruptive attacks, the group focused on remaining hidden. Once inside targeted networks, the hackers established automated systems capable of monitoring communications and forwarding selected emails to accounts under their control.
Google researchers found that the attackers tracked nearly 150 keywords and search terms. These included contact information for key personnel as well as terms linked to military affairs, geopolitical strategy, advanced technologies, and medical research.
The method reflects a patient and highly targeted intelligence-gathering effort rather than a traditional cyberattack designed to cause immediate damage. By using legitimate credentials and carefully filtering communications, the group was able to blend into normal network activity and avoid detection for an extended period.
The findings come at a time of growing concern among Western governments about cyber campaigns aimed at acquiring sensitive research and technological knowledge. Areas such as artificial intelligence, biotechnology, defense systems, and cybersecurity have become central to national security strategies around the world.
Research institutions often face unique cybersecurity challenges. Their collaborative nature encourages the sharing of information across departments, countries, and partner organizations. While this openness helps drive innovation, it can also create opportunities for sophisticated threat actors seeking access to valuable data.
The case also underscores how healthcare and medical research have become strategic targets. Information related to drug development, clinical studies, and public health planning can provide significant economic and geopolitical advantages.
China has repeatedly denied conducting or supporting cyberespionage operations. The Chinese Embassy in Washington did not immediately respond to requests for comment following the publication of Google's report.
For cybersecurity experts, the incident serves as another reminder that cyber threats are no longer confined to government agencies or military networks. Academic institutions, research laboratories, and healthcare organizations now sit on the front lines of global intelligence competition.
As nations increasingly compete for leadership in emerging technologies and scientific innovation, the protection of research data is becoming as important as safeguarding traditional state secrets. The UNC6508 campaign demonstrates how valuable knowledge itself has become a key battleground in the digital age.