Majority of Internet-Accessible REDCap Servers Outdated
Summary
A significant majority of internet-accessible REDCap servers run outdated versions, leaving them exposed to flaws already fixed in later releases and making them prime targets for threat actors. A China-linked group tracked as UNC6508 is exploiting these outdated installations for initial access and to deploy backdoors.
IFF Assessment
FOE
Outdated, vulnerable servers are easy entry points for attackers; because REDCap holds research data, a compromise directly threatens data confidentiality and system integrity.
Defender Context
This highlights a widespread weakness in a system widely used to manage research data. Defenders should inventory every internet-reachable REDCap instance and confirm its version, prioritize upgrading the outdated ones, and segment REDCap servers from the rest of the network so that a compromised instance cannot become a foothold elsewhere. Monitoring for indicators of compromise associated with UNC6508 activity is also crucial; since the group's observed objective is to deploy backdoors, file-integrity monitoring on the web server and review of its outbound connections are useful complements to patching.
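As an added example (not part of the original advisory, and not REDCap project code), the following Python script triages a set of fetched REDCap landing pages by the version string they reference and puts the outdated hosts first. It assumes that an instance's HTML references its versioned install directory as redcap_vX.Y.Z, which is how REDCap lays out installed releases; confirm this against your own login page before relying on it. The host names, page bodies and minimum version are constructed sample values; the real minimum should be the version you require of your fleet, taken from the vendor's current release notes.

```python
import re
import urllib.request
from typing import Dict, Optional, Tuple

# REDCap installs each release into its own directory and references it in
# page HTML and redirects as /redcap_vMAJOR.MINOR.PATCH/ (assumption about how
# the version surfaces; verify on your own deployment).
VERSION_RE = re.compile(r"redcap_v(\d+)\.(\d+)\.(\d+)")

Version = Tuple[int, int, int]


def parse_version(html: str) -> Optional[Version]:
    """Return the highest redcap_vX.Y.Z version referenced in html, or None.

    The highest is taken because a page can reference resources from more
    than one installed version directory after an upgrade.
    """
    found = [tuple(int(p) for p in m.groups()) for m in VERSION_RE.finditer(html)]
    return max(found) if found else None


def classify(version: Optional[Version], minimum: Version) -> str:
    """Map a parsed version to a triage label."""
    if version is None:
        return "unknown"  # no version string found: verify this host by hand
    return "outdated" if version < minimum else "current"


def triage(pages: Dict[str, str], minimum: Version) -> Dict[str, str]:
    """Triage {host: html} into {host: label}, ordered outdated, unknown, current."""
    labels = {host: classify(parse_version(html), minimum) for host, html in pages.items()}
    order = {"outdated": 0, "unknown": 1, "current": 2}
    return dict(sorted(labels.items(), key=lambda kv: (order[kv[1]], kv[0])))


def fetch(url: str, timeout: float = 10.0) -> str:
    """Fetch a landing page for live use; not called in the offline sample run."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample pages standing in for fetched landing pages.
SAMPLE_PAGES = {
    "redcap-a.example.org": '<link rel="stylesheet" href="/redcap_v13.7.2/Resources/css/style.css">',
    "redcap-b.example.org": '<script src="/redcap_v14.5.10/Resources/js/base.js"></script>',
    "redcap-c.example.org": "<html><body>Login</body></html>",
}
# Constructed threshold; replace with the version you require of your fleet.
SAMPLE_MINIMUM: Version = (14, 0, 0)


if __name__ == "__main__":
    for host, label in triage(SAMPLE_PAGES, SAMPLE_MINIMUM).items():
        print(f"{label:9} {host}")
```

A host labelled unknown is not safe by default: a landing page that carries no version reference (a reverse proxy, a customized login page, or a blocked fetch) still needs manual confirmation before it is dropped from the patch list.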