Google’s Threat Intelligence Group revealed a covert Chinese state-sponsored hacking operation that infiltrated government and private networks across the United States and Canada for over two years. The group, designated UNC6508, breached organizations involved in academia, healthcare, military, cybersecurity, and foreign policy, operating in secret from 2023 until its detection in late 2025.
The group gained access by exploiting vulnerabilities in REDCap, a widely used electronic data capture software for medical research, originally developed at Vanderbilt University. UNC6508 deployed a custom backdoor, dubbed INFINITERED, to steal administrative credentials and maintain persistent access. Despite ongoing patches to REDCap throughout 2023, the initial entry point remains unclear. This breach allowed the attackers to surveil and extract sensitive data, including credentials and internal communications, from compromised institutions.
Experts caution that the identified victims likely represent just a portion of UNC6508’s broader campaign. The attackers targeted clinical providers, academic medical centers, and US military health organizations, underscoring the group’s sophisticated capabilities and strategic priorities. The espionage operation used domain compliance evasion techniques to siphon data without relying on traditional malware or common hacking tools, enabling prolonged undetected activity.
Patrick Whitsell, a senior security engineer with Google’s Threat Intelligence Group, highlighted that the full reach and impact of UNC6508’s operations remain unknown. The group’s ability to stay hidden within valuable networks for an extended period marks it as a persistent and advanced threat, with ongoing risks to defense, technology, and medical sectors.
The discovery forms part of a broader pattern of Chinese espionage efforts embedding backdoors into critical infrastructure. These campaigns aim to intercept intelligence, pre-position for sabotage, and compromise national security by stealing data crucial for military, scientific, and technological advantage. UNC6508’s exposure amplifies concerns about the vulnerability of networks across sensitive domains and the sophistication of state-backed cyber operations.