China-linked hackers breach North American medical research via compromised REDCap servers

AI-Generated Summary

2 sources

1 day ago

3 views

China-linked hackers breach North American medical research via compromised REDCap servers

Key Points

A China-linked espionage campaign targets North American medical research institutions.
The attackers compromise exposed or vulnerable REDCap servers.
GTIG attributes the activity to UNC6508, associated with the People’s Republic of China.
Malware is deployed after exploitation to gain persistence and access internal systems.
The campaign results in theft/exfiltration of sensitive medical research data.

Google’s Threat Intelligence Group (GTIG) reports that a China-linked cyber espionage campaign compromises North American medical research institutions by targeting exposed REDCap servers. GTIG says the activity is attributed to UNC6508, a threat actor associated with the People’s Republic of China. The researchers report that UNC6508 exploits vulnerabilities in REDCap instances and uses custom malware to establish persistence and access internal environments. GTIG states the campaign remains undetected in victim systems for an extended period—over a year—and that activity began in September 2023.

Bleeping Computer similarly reports that the campaign focuses on REDCap servers that are accessible to the public. In that account, the attackers deploy InfiniteRed malware after gaining access and then exfiltrate sensitive information from a North American medical institution. Both sources describe the same overarching pattern: initial compromise through vulnerable or exposed REDCap infrastructure, followed by malware deployment, prolonged stealth, and theft of research-related data.

How Outlets Covered This Story

HEL

Help Net Security

Chinese hackers breached North American research institutions via REDCap servers

A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. UNC6508 exploits vulnerable REDCap servers GTIG attributed the campaign to UNC6508, a threat actor linked to the People’s Republic of China that remained undetected in victim environments for more than a year. According to the researchers, the activity began in September 2023 … More → The post Chinese hackers breached North American research institutions via REDCap servers appeared first on Help Net Security.

22 hours ago

BLE

Bleeping Computer

Chinese hackers breach REDCap servers, steal medical research

A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]

1 day ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

China-linked hackers breach North American medical research via compromised REDCap servers

Councils deploy enforcement patrols issuing fixed penalties under environmental regulations

Bonnie Tyler wakes from induced coma in Portugal after cardiac arrest

Riad Bouchaker trial hears witness accounts and CCTV of 2023 Parnell Square stabbing