Medical institution in North America hit by data theft breach

Incident
H score 26
1 unique source, 1 article

Summary

A North American medical institution suffered a REDCap breach that enabled InfiniteRed deployment and sensitive-data theft, leaving the network compromised for more than a year. GTIG attributed the intrusion to UNC6508 and tied the initial compromise to September 2023. The attackers used a credential-harvesting component, a backdoor, and email-based exfiltration through a legitimate compliance-rule feature. Google notified affected organizations in the U.S. and Canada after identifying the activity.

Related Happenings

UNC6508 China-linked REDCap espionage campaign

Campaign
H score 40 · First: 15.06.2026 17:00 · Last: 15.06.2026 17:00 · Sources: 1

How related: A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America.

About this happening: **UNC6508** ran a **China-linked espionage campaign** that targeted **exposed REDCap servers** to steal sensitive data from a **North American medical institution**. The operation...

Timeline

  1. 15.06.2026 17:00 · 2 articles · 1h ago

    Medical institution in North America hit by data theft breach

    Initial Disclosure

    The intrusion appears to have started in **September 2023** when attackers probed older, vulnerable **REDCap** versions and established access to the medical institution’s environment. The victim remained compromised without detection while the operators prepared later malware and exfiltration mechanisms.
