PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data
They included such esoteric topics as drone technology and a viral disease that spreads from mosquitoes to humans.

“Some of those were looking for any emails that were coming in or going out that used @ and then a big defense name.
The short version
- Google won’t say how many organizations were compromised in this campaign.
- All of these attacks began with the intruders somehow exploiting externally facing REDCap (Research Electronic Data Capture) servers.
- These servers are primarily used by universities, hospitals, and research institutions to build and manage online databases and surveys, and to store sensitive clinical research data.
- The earliest known intrusion happened in September 2023, when UNC6508 compromised a REDCap server belonging to a North American medical research institution.
What the source reports
McNamara told us that all of the intrusions followed this same pattern.
Seeing (Infinite)Red
After three months, the snoops silently deployed custom malware named InfiniteRed to capture legitimate REDCap login credentials. The malware includes three modular components. The first allows it to maintain persistent remote access by injecting its code into new REDCap versions after intercepting the upgrade process.
Why it matters
Then it injects a credential harvester into the authentication system file to compromise user accounts.
Summary by Nerd News Network. Read the full article at The Register — Networks via the links above and below.
