VMTech
VMTECH · INSTAGRAM

Chinese hackers used Google Workspace rules to steal research and defence emails


Colleagues, please note: a campaign targeting mailboxes in medical, academic and military research networks has been identified.

GTIG links it to UNC6508: operators (2023–2025) deployed the INFINITERED backdoor to external REDCap servers and exfiltrated credentials. With admin rights they created a Google Workspace content‑compliance rule that BCC‑copied matching messages to their address.

Recommendations: patch and remove legacy REDCap instances, review forwarding/content‑compliance rules, audit admin logs and enable phishing‑resistant MFA.
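One way to run the rule review recommended above over an exported admin audit log, as an added example that is not part of the original post: it flags rule creations or changes that add a copy recipient outside the organisation's domains. The record layout, field names and sample events are constructed assumptions, not the real Google Workspace log schema.

```python
from email.utils import parseaddr

# Constructed sample records. Field names are hypothetical, not the real
# Google Workspace audit log schema; map them to your own export.
SAMPLE_EVENTS = [
    {"time": "2025-01-10T08:02:11Z", "actor": "it-admin@example.org",
     "action": "create", "setting": "content_compliance",
     "rule": "Legal hold copy", "bcc": ["archive@mail.example.org"]},
    {"time": "2025-01-12T23:47:50Z", "actor": "svc-redcap@example.org",
     "action": "create", "setting": "content_compliance",
     "rule": "Spam tuning", "bcc": ["Backup <collector@example.org.mailbox.test>"]},
    {"time": "2025-01-13T09:15:00Z", "actor": "it-admin@example.org",
     "action": "change", "setting": "routing",
     "rule": "Lab relay", "bcc": ["not-an-address"]},
    {"time": "2025-01-13T10:00:00Z", "actor": "it-admin@example.org",
     "action": "delete", "setting": "content_compliance",
     "rule": "Old rule", "bcc": []},
]

WATCHED_SETTINGS = {"content_compliance", "routing", "forwarding"}
WATCHED_ACTIONS = {"create", "change"}


def is_internal(address, org_domains):
    """True only if the address parses and its domain is an org domain or a subdomain."""
    _, addr = parseaddr(address)
    if addr.count("@") != 1:
        return False  # unparseable recipients are treated as external
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Suffix match on ".domain" so "example.org.mailbox.test" does not pass.
    return any(domain == d or domain.endswith("." + d) for d in org_domains)


def find_external_copy_rules(events, org_domains):
    """Return rule creations/changes that add a recipient outside the organisation."""
    org_domains = {d.lower() for d in org_domains}
    findings = []
    for ev in events:
        if ev.get("action") not in WATCHED_ACTIONS or ev.get("setting") not in WATCHED_SETTINGS:
            continue
        external = [r for r in ev.get("bcc", []) if not is_internal(r, org_domains)]
        if external:
            findings.append({"time": ev["time"], "actor": ev["actor"],
                             "rule": ev["rule"], "external": external})
    return findings


if __name__ == "__main__":
    for f in find_external_copy_rules(SAMPLE_EVENTS, {"example.org"}):
        print(f["time"], f["actor"], repr(f["rule"]), "->", ", ".join(f["external"]))
```

Each finding still needs a human check against change records, since a legitimate archiving vendor will also appear as an external recipient.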

Why it matters: native cloud features can become covert data exfiltration channels.

What will you check first?

#cybersecurity #emailsecurity #GoogleWorkspace #REDCap
