Chinese Hackers Target AI, Defense, Medical Research
Summary
Chinese hackers are targeting sensitive research, including artificial intelligence, cyber programs, and national defense. A threat actor identified as UNC6508 and linked to the People’s Republic of China conducted a campaign that went undetected for over a year. The group compromised external web applications and specifically targeted servers running REDCap, a software platform used by the North American medical research community, exploiting legacy versions of the software that remained vulnerable. It used custom malware called INFINITERED, which embeds itself into REDCap's upgrade workflow, so it can survive and re-infect new versions even after an institution attempts to fix vulnerabilities. The threat actor's targets also include sensitive defense intelligence, medical research, and uncrewed vehicle systems. Institutions using REDCap need to immediately inspect their upgrade files for unauthorized modifications and remove any legacy versions to prevent ongoing compromise.
This is an AI-generated audio summary. Always check the original source for complete reporting.