Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
A China-nexus threat actor, UNC6508, targeted North American medical, military, and academic research institutions for over a year, compromising web applications, deploying malware, and exfiltrating sensitive data. The threat actor had broad collection aspirations, including defense intelligence, AI, and medical research. GTIG disrupted the malicious infrastructure and notified affected organizations. Users are encouraged to follow best practices for third-party identity providers (IdPs) and enable 2-Step Verification (2SV). Remediation assistance was offered to affected organizations.