UNC6508 maintained a persistent presence inside US and Canadian research networks for 14 months before detection. Google's Threat Analysis Group publicly attributed the campaign to a Chinese-linked hacking group that began operations in September 2023 and only ended in November 2025.
Targets Were Defense, AI, and Medical Research
The group focused on academic, medical, and military research institutions. Exfiltrated data covered defense strategy, military technology, artificial intelligence, and medical research. That's a textbook nation-state espionage portfolio: grab the unclassified but cutting-edge work that fuels defense and economic advantage.
UNC6508's operational tempo suggests a dedicated team with clear tasking. Running a campaign for over a year without being publicized until now implies they either evaded detection or the victims didn't notice the bleeding. Google notified the affected organizations after its analysis confirmed the activity.
Attribution without Public Finger-Pointing
Google stopped short of naming a specific Chinese state sponsor, but the UNC6508 designation ties the group to Chinese interests. The technical indicators and targeting patterns align with known advanced persistent threat (APT) groups operating from China. Expect the US and Canadian cybersecurity agencies to issue joint advisories soon.
Next: research institutions need to treat their network perimeters as porous against determined adversaries. If a group can operate for over a year without triggering alarms, the shared threat intelligence model between academia and government needs a faster feedback loop.
Source: Chinese-linked hackers targeted US, Canadian research facilities for a year: Google
Domain: economictimes.indiatimes.com
Comments load interactively on the live page.