• Google says Chinese hackers cracked Workspace security to hit 'a

    From TechnologyDaily@1337:1/100 to All on Tue Jun 16 16:30:27 2026
    Google says Chinese hackers cracked Workspace security to hit 'a diverse set of national, state, and private medical entities' including research and defense organizations

    Date:
    Tue, 16 Jun 2026 15:20:00 +0000

    Description:
    Google warns of ongoing data theft campaign attributed to Chinese
    nation-state attacker.

    FULL STORY ======================================================================

    - Google GTIG exposes UNC6508, a PRC-linked group exploiting REDCap servers with custom INFINITERED malware
    - Attackers stole credentials, exfiltrated sensitive data via manipulated compliance rules, and hid for over a year
    - Gmail accounts tied to campaign disabled; admins urged to enforce phishing-resistant MFA, device-bound sessions, and advanced protections

    For more than a year, Chinese state-sponsored threat actors have been lurking in servers belonging to North American academic, medical, and military research organizations, deploying bespoke malware and exfiltrating sensitive files, experts have warned.

    Google Threat Intelligence Group (GTIG) published a new report detailing the recent activity of UNC6508, a People's Republic of China (PRC)-nexus threat actor, who allegedly managed to exploit externally facing Research Electronic Data Capture (REDCap) servers to deploy a custom piece of malware called INFINITERED. Through this malware they stole login credentials, allowing them to access the servers' contents and remain undetected for more than a year. They then moved laterally throughout the network, exfiltrating sensitive data using a novel technique of manipulating domain content compliance rules.

    "Patroit"

    Google says content compliance rules are a legitimate feature present in many cloud-based enterprise productivity suites. Using admin accounts, the attackers created specific rules to manage email messages that contained matching predefined sets of words, phrases, and text patterns.

    They named the rule Patroit and tasked it to BCC-forward certain emails to actor-controlled Gmail addresses.

    Google has since disabled the Gmail accounts associated with this threat
    actor and this campaign.
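
    As an added example (not from Google's report or this article), the rule abuse described above can be hunted by reviewing every mail-routing rule for copies sent outside the organization. The export schema, the domains and the sample rules are constructed assumptions; only the rule name Patroit and the use of Gmail addresses come from the story.

```python
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example-hospital.org"}      # assumption: domains you own
CONSUMER_MAIL = {"gmail.com", "googlemail.com"}  # the story names Gmail inboxes
REPORTED_RULE_NAMES = {"patroit"}                # rule name given in the story

# Constructed sample export; the field names are a hypothetical schema.
SAMPLE_RULES = [
    {"name": "Legal hold journal", "recipient_mode": "bcc",
     "add_recipients": ["Archive <archive@mail.example-hospital.org>"]},
    {"name": "Patroit", "recipient_mode": "bcc",
     "add_recipients": ["collector01@GMAIL.com"]},
    {"name": "Vendor notices", "recipient_mode": "to",
     "add_recipients": ["tickets@vendor.example", "not-an-address"]},
]

def domain_of(address):
    """Lower-cased domain of an address, or None when it cannot be parsed."""
    _, addr = parseaddr(address)
    if addr.count("@") != 1:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".") or None

def is_internal(domain):
    """True for an owned domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def audit_rule(rule):
    """Return the reasons a rule needs review; an empty list means none found."""
    reasons = []
    if rule.get("name", "").strip().lower() in REPORTED_RULE_NAMES:
        reasons.append("name matches the reported rule name")
    mode = "BCC" if rule.get("recipient_mode") == "bcc" else "visible"
    for rcpt in rule.get("add_recipients", []):
        dom = domain_of(rcpt)
        if dom is None:
            reasons.append(f"unparsable recipient {rcpt!r}")
        elif not is_internal(dom):
            kind = "consumer mailbox" if dom in CONSUMER_MAIL else "external domain"
            reasons.append(f"{mode} copy to {kind} {dom}")
    return reasons

def audit_rules(rules):
    """Map rule name -> reasons, for every rule with at least one finding."""
    findings = {r.get("name", "<unnamed>"): audit_rule(r) for r in rules}
    return {name: why for name, why in findings.items() if why}

if __name__ == "__main__":
    for name, why in audit_rules(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(why)}")
```

    A rule that silently copies mail to an address outside the owned domains deserves review whatever it is called, so the name match is only a secondary signal.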

    In the blog, the researchers gave a rather extensive list of things admins should do to make sure they're safe from UNC6508 and similar actors, including enforcing phishing-resistant 2-factor authentication, enrolling highly sensitive accounts into the Advanced Protection Program, and enforcing Device Bound Session Credentials with CAA for highly sensitive accounts to prevent cookie theft.

    "The campaign targeted a diverse set of national, state, and private medical entities," Google stressed. "These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies."

    "Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness. They employ thousands of people with a combined research budget in the billions of dollars."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-says-chinese-hackers-cracked-workspace-security-to-hit-a-diverse-set-of-national-state-and-private-medical-entities-including-research-and-defense-organizations


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)