Google’s threat intelligence team reported that the Chinese espionage group UNC6508 compromised REDCap servers at North American medical, academic, and military research organizations between September 2023 and November 2025. The group abused a legitimate Google Workspace content compliance feature to covertly BCC emails that matched its criteria to an external address.
REDCap servers are used to manage research data, particularly in sensitive medical and military contexts. UNC6508’s tactics allowed the group to extract information without raising alarms.
Google’s team noted that this method of data exfiltration highlights the vulnerabilities associated with widely used software tools. They emphasized the importance of robust security measures to protect sensitive data.
The report did not specify the exact number of organizations affected or the nature of the data that was compromised. Google continues to monitor the situation and advises users to remain vigilant against potential threats.




