The Google Threat Intelligence Group (GTIG) reported on a sophisticated cyber campaign attributed to the Chinese threat actor UNC6508, targeting North American academic, medical, and military institutions. The actor exploited REDCap servers to deploy custom malware, tracked as INFINITERED, which allowed covert data exfiltration from sensitive systems over an extended period.
The campaign, which began in September 2023, used techniques including credential harvesting, backdooring, and abuse of domain content compliance rules to steal data. GTIG collaborated with Mandiant to detect and remediate the threat, and advised organizations to take several preventive security measures, including enforcing two-step verification and keeping software updated. The report also provided a comprehensive set of indicators of compromise (IOCs) and detailed guidance for preventing similar attacks.