The article discusses a cyber espionage campaign attributed to the UNC6508 threat actor, believed to be linked to China. The group targeted North American academic, medical, and military research organizations using the bespoke INFINITERED malware and maintained undetected access for over a year. Its tactics included exploiting vulnerabilities in REDCap web applications to exfiltrate sensitive data related to national security and medical research.
The attackers employed sophisticated operational security techniques and used a novel method of exfiltrating data over email. Recommended defenses include applying software patches, enforcing two-step verification, and auditing compliance rules.