The Google Threat Intelligence Group (GTIG) reported on cyberespionage activities of a group associated with the Chinese government, identified as UNC6508, which has been active since at least 2023. This group mainly targets North American medical, academic, and military research organizations, including those involved in clinical trials and public health policy. Their attacks often exploit vulnerabilities in REDCap servers used for clinical research.
The group uses sophisticated malware called InfiniteRed to facilitate operations, including credential harvesting and maintaining backdoors. They also utilize obfuscation techniques to conceal their activities. Google has disrupted the group’s infrastructure and shared technical details to aid defense against such threats.