China Spent Over a Year Inside U.S. Medical Research Networks — And Used Google’s Own Email Rules to Steal Data

The attackers, tracked as "UNC6508," did not write new malware to steal emails. They created an administrator rule inside Google Workspace, named it "Patroit"