Chinese Hackers Breach REDCap Servers, Steal Medical Research Data

Photo: BleepingComputer
Quick answer
Chinese hackers breached REDCap servers by deploying InfiniteRed malware to steal medical research data from North American institutions.
A China-linked hacker group launched a targeted cyberattack on REDCap servers, which are used for collecting and managing medical research data. During the attack, the threat actors deployed the InfiniteRed malware, which gave them access to sensitive information from a North American institution.
Cybersecurity experts note that the attack succeeded due to vulnerabilities in REDCap server configurations. Hackers exploited unsecured portals to infiltrate the system and deploy malicious code. The primary target of the attack was medical research data, which may be of interest to both government and commercial entities.
The incident underscores the growing threat to organizations handling sensitive information. Experts recommend strengthening security measures, including regular software updates, network activity monitoring, and employee training in cybersecurity fundamentals. Special attention should be given to systems storing research data, as they become increasingly attractive targets for cybercriminals.
Common questions
- What is REDCap, and why did hackers target it?
  REDCap is a platform for managing medical and scientific research data. Hackers target such systems because they contain valuable sensitive information, including research results and patient personal data.
- What malware did the attackers use?
  The attack involved deploying InfiniteRed malware, designed to steal data and gain unauthorized access to systems. Its origins are linked to Chinese cyber groups.
- How can organizations protect REDCap servers from such attacks?
  Organizations should regularly update software, implement multi-factor authentication, restrict server access, and conduct security audits. Training employees in cyber hygiene is also critical.