Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims' own Google Workspace rules to copy any message

According to Google, the China-linked espionage group UNC6508 compromised REDCap research servers at North American medical, academic, and military research organizations, harvesting credentials and then using legitimate Google Workspace content compliance rules to silently BCC sensitive research and defense-related emails to attacker-controlled Gmail accounts.[1][2] The operation persisted for over a year and relied on abusing built-in cloud admin features (mail rules) rather than deploying additional malware, making it difficult to detect.[1][2] From a CyberSE.AI perspective, any AI-enabled workflows or research pipelines built on top of SaaS platforms like Google Workspace inherit this risk: if an attacker gains admin access, they can rewire rules, data flows, or integrations used by AI agents to exfiltrate training data, prompts, or model outputs without changing the AI code itself. Organizations should use an AI Security Readiness Assessment to map AI-related data flows in SaaS environments, enforce phishing-resistant MFA and least-privilege admin controls, and regularly audit mail rules, automation, and third-party integrations that AI agents depend on for potential covert ex