
Google tracks China-linked espionage group exploiting REDCap servers in North American health research networks

3h ago · 1 min read · en · News

Summary

Google's Threat Analysis Group (TAG) tracked a China-linked espionage cluster (UNC6508) that infiltrated North American medical, academic, and military research networks for over a year. The group targeted clinical providers, academic centers, military health institutions, advocacy groups, and health regulators across the US and Canada. Initial access was gained through a backdoor on externally facing REDCap servers used for clinical study database management. Google observed probing of older vulnerable systems but did not disclose the specific CVE or affected versions.

Key quotes

UNC6508, a China-linked espionage cluster tracked by Google with high confidence, remained inside North American medical, academic, and military research networks for more than a year.
The campaign targeted clinical providers, academic centres, military health institutions, advocacy groups, and health regulators across the United States and Canada.
Initial access came via a backdoor on externally facing REDCap servers used to build and manage clinical study databases.
Google did not name the initial access vector, a specific CVE, or affected versions, but observed probing of older vulnerable i
Snippet from the RSS feed
UNC6508 compromised externally facing REDCap servers and used Google Workspace mail-rule rewiring to exfiltrate sensitive research and defence-related email from US and Canadian institutions.
