UNC6508 exploited the ability to run legacy REDCap versions in parallel with current installations to monitor research institutions in the USA and Canada for over a year using the INFINITERED framework.
Attackers remained hidden in research networks for over a year and diverted research and defense emails through configured Google Workspace rules instead of using classic exfiltration channels.