UNC6508 exploited the ability to run legacy REDCap versions in parallel with current installations, using the INFINITERED framework to monitor research institutions in the USA and Canada for over a year.
Attackers remained undetected for five months in a stock exchange executive’s mailbox and exfiltrated data via popular cloud services to evade detection.