UNC6508 is a PRC-nexus threat actor targeting North American academic, medical, and military research institutions, employing tactics such as exploiting REDCap servers and deploying custom malware named INFINITERED. The actor utilized credential harvesting, internal reconnaissance, and a web shell named "help.php" for persistence. They also manipulated content compliance rules for covert data exfiltration, forwarding sensitive email communications to a threat actor-controlled Gmail address. GTIG attributes this espionage activity to UNC6508 with high confidence, based on infrastructure overlaps and specific targeting of defense and medical research sectors.
There are currently no families associated with this actor.
2026-06-15 ⋅ Google ⋅ "Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research" ⋅ UNC6508