Summary
Key Points:
- UNC6508, a Chinese state-sponsored espionage group, has been active since September 2023, targeting organizations in the U.S. and Canada, including critical infrastructure, to steal sensitive data from sectors such as academia and healthcare.
- The group deployed a custom backdoor named INFINITERED on compromised REDCap servers (REDCap is a web application widely used by academic and healthcare institutions to collect research and clinical data); the sensitivity of the data held on those servers gives the theft potential national-security impact.
- Organizations are advised to monitor for unusual network traffic from REDCap and similar research-data platforms, and to harden them against unauthorized access, so that intrusions of this kind are detected rather than left to run for months.
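One concrete form the "monitor for unusual network traffic" advice can take is looking for beaconing: a web server that, unlike its normal bursty traffic, contacts one external host at near-constant intervals (ATT&CK T1071.001, which the summary lists for this group's command and control). The script below is an added example, not code from the report this page summarizes or from the vendor that published it. The log format, the IP 10.20.30.5 standing in for a REDCap server, and every host name in it are constructed for the example; none of them are indicators associated with UNC6508 or INFINITERED, and the report lists no IOCs.

```python
"""
Added example: flag periodic outbound web requests ("beaconing") in a
constructed proxy log. Every address and host name here is an assumption
made for the example, not an indicator from the summarized report.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, one request per line:
# "<UTC timestamp> <src_ip> <dst_host> <method> <path> <status>"
# 10.20.30.5 stands in for a REDCap web server; the host names are made up.
# The POSTs to updates.example-cdn.net recur every ~600 s, the pypi.org
# fetches are irregular, and 10.20.30.9 has too few requests to judge.
SAMPLE_LOG = """\
2024-03-04T01:00:00Z 10.20.30.5 updates.example-cdn.net POST /api/v2/sync 200
2024-03-04T01:02:11Z 10.20.30.5 pypi.org GET /simple/requests/ 200
2024-03-04T01:03:40Z 10.20.30.5 pypi.org GET /simple/urllib3/ 200
2024-03-04T01:10:03Z 10.20.30.5 updates.example-cdn.net POST /api/v2/sync 200
2024-03-04T01:19:58Z 10.20.30.5 updates.example-cdn.net POST /api/v2/sync 200
2024-03-04T01:30:01Z 10.20.30.5 updates.example-cdn.net POST /api/v2/sync 200
2024-03-04T01:40:02Z 10.20.30.5 updates.example-cdn.net POST /api/v2/sync 200
2024-03-04T01:45:09Z 10.20.30.5 pypi.org GET /simple/certifi/ 200
2024-03-04T01:46:01Z 10.20.30.5 pypi.org GET /simple/idna/ 200
2024-03-04T01:49:59Z 10.20.30.5 updates.example-cdn.net POST /api/v2/sync 200
2024-03-04T01:58:30Z 10.20.30.5 pypi.org GET /simple/charset-normalizer/ 200
2024-03-04T02:00:00Z 10.20.30.5 updates.example-cdn.net POST /api/v2/sync 200
2024-03-04T02:05:17Z 10.20.30.9 updates.example-cdn.net GET /static/logo.png 200
2024-03-04T02:20:44Z 10.20.30.5 pypi.org GET /simple/sniffio/ 200
2024-03-04T02:31:02Z 10.20.30.9 updates.example-cdn.net GET /static/logo.png 200
"""


def parse_log(text):
    """Yield (timestamp, src_ip, dst_host) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip blank or malformed lines rather than crash
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, parts[1], parts[2]


def interval_stats(timestamps):
    """Return (mean gap in seconds, coefficient of variation of the gaps)."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    # Low coefficient of variation means the gaps are nearly identical.
    return avg, (pstdev(gaps) / avg if avg else float("inf"))


def find_beacons(text, min_events=5, max_cv=0.15,
                 min_interval=30, max_interval=86400):
    """Return (src, dst) pairs whose request timing is suspiciously regular.

    min_events guards against judging regularity from two or three hits;
    the interval bounds drop sub-30 s chatter (page assets) and pairs that
    talk less than once a day.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        avg, cv = interval_stats(stamps)
        if min_interval <= avg <= max_interval and cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(stamps),
                         "mean_interval_s": round(avg, 1), "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

On the constructed sample only the 10.20.30.5 to updates.example-cdn.net pair is reported (seven requests, mean gap 600 s, coefficient of variation about 0.005). Real implants often add jitter, so treat max_cv as a tuning knob rather than a fixed line, and run the check over a day or more of logs, not a single hour.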
Technical Details: The compromised systems were REDCap servers. REDCap received multiple security patches during 2023, so exploitation of an unpatched flaw is suspected, but the exact initial access method has not been determined.
MITRE ATT&CK Techniques:
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
- T1078 - Valid Accounts (Defense Evasion)
- T1203 - Exploitation for Client Execution (Execution; note that ATT&CK files this technique under Execution, not Initial Access, and that exploitation of an internet-facing REDCap server would instead map to T1190 - Exploit Public-Facing Application)
IOCs Mentioned: None mentioned