Chinese Hackers Abuse Google Workspace Rules to Steal Research and Defense Emails
Severity: HIGH
A China-linked espionage group maintained a presence in North American medical, academic, and military research networks for over a year. The group initially gained access via a backdoor on REDCap research servers and used it to steal credentials. For data exfiltration, the attackers cleverly reconfigured the victims’ Google Workspace rules to automatically copy sensitive emails, which allowed them to bypass traditional security monitoring and steal research and defense-related communications.
Source: The Hacker News