Chinese-linked hackers breach REDCap servers, deploy InfiniteRed malware
A threat actor with a Chinese nexus exploited exposed REDCap servers to install InfiniteRed malware and exfiltrate sensitive data from a North American medical organization. REDCap is widely deployed research data management software used across healthcare and academic institutions. The attack demonstrates ongoing targeting of research infrastructure by state-sponsored groups seeking intellectual property and medical data.
Why it matters in Western Canada: REDCap is heavily adopted by Canadian universities, healthcare systems, and research centers across Western Canada. This breach highlights the risk to post-secondary and healthcare organizations in the region that rely on REDCap for clinical research and may have exposed instances.
Summary generated from the original advisory. Read the full source: bleepingcomputer
- Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/
- CVEs: None listed
- Tags: redcap, malware, espionage, research-data, healthcare
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)