Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

In an alarming demonstration of sophisticated cyber espionage, a China-linked threat actor has leveraged legitimate cloud infrastructure to exfiltrate sensitive research data from North American institutions. The campaign, which operated undetected for over a year, highlights how attackers are evolving beyond traditional malware methods to exploit the very tools designed to improve organizational productivity and collaboration.

The espionage campaign targeted medical, academic, and military research networks across North America. Initial compromise occurred through a backdoor installed on REDCap research servers—web-based applications widely used in academic institutions for collecting and managing research data. Once inside, the attackers quietly harvested login credentials that provided access to email systems. What sets this attack apart, however, was the exfiltration method. Rather than deploying suspicious malware or connecting to obvious command-and-control servers, the hackers manipulated the victims' own Google Workspace rules to automatically copy and forward messages containing sensitive research and defense information. By abusing legitimate functionality, the attackers effectively disguised their
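
The forwarding-rule abuse described above is something a Workspace administrator can audit for directly. As an added example (not code from the article or from any reporting on the campaign), the Python below takes each user's filter rules and auto-forwarding setting in the shapes the Gmail API returns (`users.settings.filters.list` and `users.settings.getAutoForwarding`) and flags anything that forwards mail outside the organisation's domain; `ORG_DOMAIN`, the user name and the sample records are constructed assumptions.

```python
"""Audit Gmail filters and auto-forwarding for external forwarding destinations.
Records follow the Gmail API shapes of users.settings.filters.list (Filter with
criteria and action.forward) and users.settings.getAutoForwarding; the sample
data at the bottom is constructed and not taken from any real tenant."""
from dataclasses import dataclass

ORG_DOMAIN = "example.org"  # assumption: the tenant's primary mail domain


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str  # "filter" or "auto_forward"
    destination: str
    hidden_from_user: bool


def is_external(address: str, org_domain: str = ORG_DOMAIN) -> bool:
    """True when the mailbox is outside the organisation's domain and its subdomains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain != org_domain and not domain.endswith("." + org_domain)


def audit_user(user: str, filters: list, auto_forward: dict) -> list:
    """Flag auto-forwarding and filter rules that copy mail to external addresses."""
    findings = []
    dest = auto_forward.get("emailAddress", "")
    if auto_forward.get("enabled") and dest and is_external(dest):
        # disposition says whether the original is left in the inbox, archived or trashed
        findings.append(Finding(user, "auto_forward", dest,
                                auto_forward.get("disposition") == "trash"))
    for f in filters:
        action = f.get("action", {})
        dest = action.get("forward")
        if not dest or not is_external(dest):
            continue
        # A rule that also drops INBOX/UNREAD or trashes the copy keeps the leak
        # out of the victim's sight; prioritise these in triage.
        hidden = (bool({"INBOX", "UNREAD"} & set(action.get("removeLabelIds", [])))
                  or "TRASH" in action.get("addLabelIds", []))
        findings.append(Finding(user, "filter", dest, hidden))
    return findings


# Constructed sample: a benign internal labelling rule, a covert rule that forwards
# research-related mail externally and hides it, and auto-forwarding switched off.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "hr@example.org"},
     "action": {"addLabelIds": ["Label_HR"]}},
    {"id": "f2", "criteria": {"query": "subject:(research OR defense OR grant)"},
     "action": {"forward": "archive.box@example.net", "removeLabelIds": ["INBOX", "UNREAD"]}},
]
SAMPLE_AUTO_FORWARD = {"enabled": False}
```

Run `audit_user` over every mailbox in the tenant on a schedule and alert on any new finding, since a rule added after the baseline is exactly the signal this campaign would have produced.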
