A China-linked cyber-espionage group stole biotechnology and defense data from U.S. research institutions during a year-long spying campaign [1, 2].
This breach highlights how exposed academic and medical research infrastructure is to state-sponsored theft of intellectual property. The loss of sensitive biotech and defense data could accelerate foreign strategic capabilities while undermining U.S. technological advantages.
Researchers identified the group as a China-nexus actor [1, 2]. The operation targeted multiple medical and research laboratories across the U.S. [1, 2]. Reports said the actors focused on stealing REDCap credentials to gain unauthorized access to sensitive systems [1, 2].
The espionage campaign ran for more than one year [2]. During this window, the group exfiltrated data related to biotechnology and defense research to serve Chinese strategic interests [1, 2]. The operation remained undetected until Google disrupted the campaign in 2024 [1, 2].
REDCap (Research Electronic Data Capture) is a secure web application for building and managing online surveys and databases, widely used in clinical research. By compromising these credentials, the actors were able to bypass security controls and access proprietary research data [1, 2]. The scale of the exfiltration suggests a coordinated effort to harvest specific scientific breakthroughs, a tactic often associated with long-term strategic intelligence gathering.
Google's intervention ended the specific campaign, but the event underscores a persistent threat to the U.S. scientific community [1, 2]. The group's ability to remain hidden for such an extended period indicates a high level of sophistication in avoiding traditional detection methods [1, 2].
The targeting of REDCap credentials demonstrates a shift toward exploiting specialized software used in medical research rather than general corporate networks. Because research institutions often prioritize open collaboration over strict security controls, they remain prime targets for state-sponsored actors seeking to shortcut expensive R&D through intellectual property theft.