
UNC6508


UNC6508 is a PRC-nexus threat actor targeting North American academic, medical, and military research institutions, employing tactics such as exploiting REDCap servers and deploying custom malware named INFINITERED. The actor utilized credential harvesting, internal reconnaissance, and a web shell named "help.php" for persistence. They also manipulated content compliance rules for covert data exfiltration, forwarding sensitive email communications to a threat actor-controlled Gmail address. GTIG attributes this espionage activity to UNC6508 with high confidence, based on infrastructure overlaps and specific targeting of defense and medical research sectors.


Associated Families

There are currently no families associated with this actor.


References
2026-06-15 | Google | John McGuiness, Patrick Whitsell
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
UNC6508

Credits: MISP Project