Utopia Tech

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

A Chinese state-linked threat actor compromised North American medical, academic, and military research organizations for over a year by exploiting REDCap research servers to steal credentials. The attackers then manipulated victims' Google Workspace email forwarding rules to exfiltrate sensitive research and defense communications, demonstrating an innovative persistence and data theft technique.


June 15, 2026 · 1 min read


A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims' own Google Workspace rules to copy any message

Originally published at thehackernews.com
