Chinese Hackers Target Medical, Military, and AI Research in North America

The Google Threat Intelligence Group (GTIG) has published an analysis of the attacks carried out by a cyberespionage group linked to the Chinese government.

Tracked as UNC6508, the group is believed to have been active since at least 2023, but Google’s researchers started tracking it in early 2025. UNC6508 was mentioned by Google in a report published in February.

The UNC6508 campaign observed by GTIG was mainly aimed at North America, with the hackers targeting major medical, academic, and military research organizations.

“These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies,” Google’s researchers explained. “Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness.”

According to GTIG, the cyberspies regularly target servers hosting REDCap, a web platform for building and managing clinical research databases and surveys in the medical field. Google said it’s unclear how the attackers gained access to REDCap servers, but evidence suggests they may be targeting vulnerable legacy versions.