THREAT OPS › Threat News › Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
<div class="block-paragraph_advanced"><p>Written by: Patrick Whitsell, John McGuiness</p> <hr /></div> <div class="block-paragraph_advanced"><p><span style="vertical-align: baseline;">Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, med
MITRE ATT&CK techniques
- Artificial IntelligenceT1588.007
- IP AddressesT1590.005
- Email CollectionT1114
- Downgrade AttackT1689
- Application Layer ProtocolT1071
- Exploit Public-Facing ApplicationT1190
- Credentials from Password StoresT1555
- Exfiltration Over Web ServiceT1567
- Web ShellT1505.003
- Web Portal CaptureT1056.003
- Email AddressesT1589.002
- Automated ExfiltrationT1020
- Email Forwarding RuleT1114.003
- Web ServiceT1102
- Compromise Host Software BinaryT1554
- Multi-hop ProxyT1090.003
- Obfuscated Files or InformationT1027
- Input CaptureT1056
- CredentialsT1589.001
- Data from Information RepositoriesT1213
- Server Software ComponentT1505
- Web ProtocolsT1071.001
- Data from Information RepositoriesAML.T0036
- Exploit Public-Facing ApplicationAML.T0049
Indicators of compromise
- f3a266bed2b73690459e30a2e52e5afd4bc36ea83197ab8bf3d5cb17095a7eefsha256
- ba6b73b0ca0dc7f86b3b397893ac32d729fd53f9df20643288f141f29d020af7sha256
- db65c1b9f9e4cb4d729f45ad4b6fcf3e277caf9eb4c875425dec93fd883f9136sha256
- c1ac43d23f89d41eb4ff131678ab562ab2cfed9aa334b13767ef141d303b0e5bsha256
- 8f0158855a656b629ca76ebca565f18bc25563ded34b65d6771632c20edb68ecsha256
- 51a57bfc9ed3eb6451c1c289607814d59e1698c666fb97ac5f694c398f23d045sha256
- 4efbef69eb3b09bacff892d6a55778d07c418e7f15eba3cf1245e8cdfd8dda0bsha256
- 58bb25777e0aa86bcd2125101e0bca4e8732b03d91bd8d2f205b446a2a8d5c86sha256
- http://project-redcap.orgurl
- https://www.unmc.edu/healthsecurity/transmission/2025/09/30/explosive-chikungunya-virus-outbreak-in-china/url
- https://www.virustotal.com/gui/collection/f3a266bed2b73690459e30a2e52e5afd4bc36ea83197ab8bf3d5cb17095a7eefurl
- bebitabarefoot774@gmail.comemail
- 23.169.65.49ipv4