Majority of Internet-Accessible REDCap Servers Outdated

Most internet-exposed REDCap servers are running outdated versions, leaving them vulnerable to targeting by state-sponsored groups like UNC6508. Google’s GTIG says UNC6508 has used compromised REDCap servers for cyberespionage and credential theft against major research organizations, while Censys found only a tiny fraction of instances are fully up to date.

Key Points

  • Most internet-accessible REDCap servers are running outdated software.
  • UNC6508 has targeted legacy REDCap systems for cyberespionage.
  • Attackers deployed custom malware to steal login credentials.
  • One intrusion led to the InfiniteRed backdoor and later data theft.
  • Organizations should inventory REDCap instances and patch them promptly.

Read More: https://www.securityweek.com/majority-of-internet-accessible-redcap-servers-outdated/