A cyberespionage group linked to China, tracked as UNC6508, maintained access to North American medical research networks for more than two years, beginning in September 2023. The activity was not discovered until November 2025, which points to a lack of visibility in the affected networks' defenses. The group used a custom malware family named INFINITERED to capture credentials and forward email without being detected. Its primary targets were major healthcare institutions and military health organizations, and initial access was commonly gained through REDCap servers.
Google has published specific security recommendations to reduce further risk, including updating REDCap systems, reviewing email security settings (such as forwarding configuration), and improving monitoring capabilities.