A sophisticated campaign attributed to UNC6508, a China-nexus threat actor, has targeted North American academic, medical, and military research institutions. The actor exploited externally facing REDCap servers, deployed custom malware (INFINITERED), and used domain content compliance rule manipulation for data exfiltration. The campaign focused on stealing sensitive defense, AI, cyber, and medical research data.
