Chinese Hackers Spent Over 14 Months in AI and Defense Labs in the U.S. and Canada, Google Reveals

Group UNC6508 exploited REDCap servers and deployed INFINITERED malware in military, medical, and AI research networks between September 2023 and November 2025, according to the Google Threat Intelligence Group.
The Google Threat Intelligence Group (GTIG) disclosed on Monday that a group affiliated with China, identified as UNC6508, remained within academic, medical, and military research networks in the United States and Canada for over 14 months before being detected. Initial access was gained by exploiting REDCap (Research Electronic Data Capture) servers, a widely used research data capture application in universities and medical centers. The operation ran from September 2023 to November 2025, according to the report.
The nature of the targets is what distinguishes this campaign from others attributed to Chinese state actors this year. UNC6508 was seeking data on defense intelligence, military strategy in the Indo-Pacific, artificial intelligence, unmanned vehicles, cyber warfare programs, and advanced medical research. That combination points to deliberate, targeted data collection rather than opportunistic intrusions.
INFINITERED and Abuse of Google Workspace
The central technical piece of the operation is INFINITERED, a customized malware that GTIG describes in three components. The first is a dropper that intercepts legitimate REDCap updates. The second is a credential harvester that captures usernames and passwords entered in the application. The third is a backdoor with command-and-control functionality. This chain allows the attacker to substitute a trusted update routine with a modified version that maintains the appearance of the original.
After capturing the credentials, the group moved laterally within the internal networks of the institutions. The operational innovation, according to Mandiant Consulting, which assisted Google in the investigation, was the manipulation of content compliance rules in Google Workspace for the silent exfiltration of data. Rather than opening a raw external channel, the attacker turned the victim's own infrastructure into the delivery mechanism, so that files left the organization through legitimate flows.
Mandiant directly notified the affected Canadian entities and is providing technical remediation support. No compromised institution has been publicly named as of the publication of this article. GTIG did not disclose the number of organizations impacted and did not comment on whether there is evidence of ongoing active compromise beyond November 2025.
Implications for Canada, Europe, and Brazil
For Canada, this is yet another case of state-sponsored cyber espionage against the country's research base, reopening discussions about the budget and mandate of the Communications Security Establishment, a debate that had been sidelined since early this year. Ottawa's efforts to define minimum cybersecurity standards for universities receiving federal funding, under discussion since 2025, gain a new and concrete argument.
For Europe, the vector matters more than the actual outcome. REDCap is used in over 6,000 institutions across more than 145 countries, including major German, French, and British universities. Imperial College London, Karolinska Institute, and Charité Berlin are mentioned in studies published in 2026 citing REDCap as a data collection tool. GTIG's alert does not limit the attack to North American institutions; it describes a technique of abuse that applies to any REDCap installation exposed to the internet.
For Brazil, the sensitive point is the set of university hospitals and research centers running REDCap in clinical trial workflows. USP, Hospital das Clínicas, Fiocruz, and Hospital Israelita Albert Einstein operate instances of the software in projects funded by FAPESP and CAPES. No attacks attributed to the same campaign have been reported on Brazilian soil so far, but the compromise vector—manipulated REDCap updates and altered Workspace rules—transfers to any unaudited installations.
What C-Level Executives Should Do Now
The technical recommendation from GTIG is straightforward. Block external access to REDCap servers, validate checksums of all updates installed since September 2023, and audit content compliance rules in Google Workspace, especially those created by unexpected administrative users. For CISOs in pharma, biotech, and defense, the checklist carries immediate practical weight.
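The audit step in that checklist can be scripted. The example below is added here and is not code from GTIG or Mandiant: it scans admin audit events (a constructed, simplified record shape, not the exact Admin SDK Reports API schema) for content compliance rules created or modified from September 2023 onward by an actor outside an assumed allowlist of expected administrators, or whose delivery target is outside the organization's own domain.

```python
"""Audit Workspace content-compliance rule changes for signs of exfiltration.

Added example, not code from GTIG or Mandiant. The event layout is a
constructed, simplified shape, not the exact Admin SDK Reports API schema.
"""
from datetime import datetime, timezone

CAMPAIGN_START = datetime(2023, 9, 1, tzinfo=timezone.utc)  # window from the report
ORG_DOMAIN = "example.edu"                  # assumed organization domain
EXPECTED_ADMINS = {"it-admin@example.edu"}  # assumed allowlist of known admins

# Constructed sample events for this example.
SAMPLE_EVENTS = [
    {"time": "2023-06-12T09:15:00Z", "actor": "it-admin@example.edu", "action": "create",
     "setting": "content_compliance", "rule": "DLP-PHI", "deliver_to": None},
    {"time": "2024-02-03T02:41:00Z", "actor": "svc-backup@example.edu", "action": "create",
     "setting": "content_compliance", "rule": "Research sync",
     "deliver_to": "archive@mail-relay.example.net"},
    {"time": "2024-02-03T02:42:00Z", "actor": "svc-backup@example.edu", "action": "create",
     "setting": "routing", "rule": "Outbound", "deliver_to": None},
    {"time": "2025-01-20T14:00:00Z", "actor": "it-admin@example.edu", "action": "modify",
     "setting": "content_compliance", "rule": "DLP-PHI", "deliver_to": "compliance@example.edu"},
]


def _parse_time(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_compliance_rules(events, expected_admins=EXPECTED_ADMINS,
                           org_domain=ORG_DOMAIN, start=CAMPAIGN_START):
    """Return one finding per content-compliance change that needs review."""
    findings = []
    for ev in events:
        # Only content compliance changes inside the campaign window are in scope.
        if ev["setting"] != "content_compliance" or _parse_time(ev["time"]) < start:
            continue
        reasons = []
        if ev["actor"] not in expected_admins:
            reasons.append("actor not in admin allowlist")
        target = ev.get("deliver_to")
        if target and not target.lower().endswith("@" + org_domain):
            reasons.append(f"delivers to external address {target}")
        if reasons:
            findings.append({"time": ev["time"], "actor": ev["actor"],
                             "rule": ev["rule"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_compliance_rules(SAMPLE_EVENTS):
        print(f"{f['time']} {f['actor']} rule={f['rule']!r}: {'; '.join(f['reasons'])}")
```

Feed it the real export of your Workspace admin audit log after mapping the fields, and review every finding against a change ticket before deleting a rule.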
What falls outside the purely technical scope is the duration. UNC6508 remained undetected for 14 months inside academic networks connected to defense contracts. The governance question this raises for any institution with sensitive research, in any country, is whether the separation between university research networks and the operational networks for critical contracts can withstand a patient adversary that combines supply chain techniques with the abuse of legitimate SaaS. Google's report suggests that, without investment in monitoring research software updates, the answer is no.