
China-linked hackers target US, Canada research using legacy REDCap exploits
Google is warning of a cyber espionage campaign linked to a China-nexus threat actor, UNC6508, that kept close tabs on valuable US and Canadian research environments for over a year.
The campaign abused REDCap, a widely adopted platform for collecting and managing research data. The attackers, whose activity has since been disrupted, intercepted REDCap’s upgrade process to inject persistence malware.
According to Google’s Threat Intelligence Group (GTIG), the campaign was particularly interested in academic institutions, medical research centers, healthcare providers, military health networks, and defense-focused research programs.
Google said UNC6508 historically infected legacy REDCap versions, and the observed cam...