A China-aligned threat actor, UNC6508, conducted an extensive spying campaign on US academic, medical, and military institutions for over a year, utilizing custom malware to steal credentials from researchers' Web applications. Discovered by Google Threat Intelligence Group, this operation targeted sensitive data from multiple high-profile organizations and showcased innovative data exfiltration techniques, making detection challenging.
Google collaborated with Mandiant to disrupt the activity and to alert other potential targets. Recommendations for organizations include enforcing two-factor authentication and monitoring for unauthorized changes.