Google has revealed that Chinese state-linked threat actors infiltrated medical research and military networks for over a year, using Gmail as a covert communications channel to exfiltrate sensitive data. The targets included drone technology, pathogen research, and other strategically valuable information. The prolonged dwell time and breadth of targets highlight the sophistication and patience of PRC-affiliated advanced persistent threat groups.

Security Architect’s Take: Review your organisation’s outbound traffic policies to ensure sanctioned cloud services such as Gmail cannot be abused as covert command-and-control or exfiltration channels; implement CASB controls, egress filtering, and anomaly detection on email API usage, particularly for sensitive network segments handling research or defence-adjacent data.

Original advisory: PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data