A China-linked threat actor, UNC6508, has been conducting a cyber espionage campaign targeting US and Canadian research environments for over a year, exploiting legacy vulnerabilities in the widely used REDCap platform. The attackers intercepted REDCap's upgrade process to inject persistence malware, allowing them to maintain access to sensitive research data. The campaign focused on academic institutions, medical research centers, healthcare providers, and military healthcare organizations. Google's Threat Intelligence Group (GTIG) has disrupted the campaign, but not before the attackers had gathered valuable intelligence. The use of legacy REDCap exploits highlights the importance of keeping software up to date and patching known vulnerabilities. This campaign matters to security practitioners because it demonstrates the ongoing threat that state-sponsored espionage poses to research institutions, which makes it essential to prioritize the security of sensitive data and stay vigilant against such threats.