Google Threat Intelligence Group says UNC6508, a Chinese government-linked cyberespionage group, has been targeting North American medical, academic, and military research organizations since at least 2023. The campaign targeted REDCap servers, deployed the InfiniteRed malware, and abused content compliance rules to steal emails and pursue intelligence tied to national security, AI, drones, and defense research.
Key points
- UNC6508 is a cyberespionage group linked to the Chinese government.
- The campaign mainly targeted North American medical, academic, and military research organizations.
- Attackers focused on REDCap servers, possibly exploiting vulnerable legacy versions.
- Google found the custom InfiniteRed malware on multiple US and Canadian systems.
- The group also abused content compliance rules to exfiltrate targeted emails and intelligence.