Officials Warn About Expansive, Ongoing China Espionage Threat Riding on Brickstorm Malware
Chinese-linked hackers used Brickstorm malware to infiltrate VMware vSphere networks, maintaining access from April to September for espionage and potential sabotage, US and Canadian agencies said.
- On Dec 4, U.S. and Canadian cybersecurity agencies said Chinese-linked hackers used Brickstorm to penetrate unnamed government and IT entities, targeting VMware vSphere environments; Broadcom's VMware confirmed awareness.
- CrowdStrike and GTIG traced the campaign to at least 2022, with Chinese-linked state-backed hackers embedding for long-term access, disruption, and potential sabotage amid tradecraft evolution and multi-cloud targeting.
- CISA's analysis, based on eight Brickstorm samples, showed that the implants Junction and GuestConduit, written in Golang, stole Active Directory credentials to reach VMware vCenter.
- Dozens of U.S. organizations have been affected, researchers said, while vendors urged customers to apply patches and tighten operational security; Mr Liu Pengyu rejected the allegations.
- Adam Meyers warned the campaign reflects expanded infrastructure and tooling, exploiting edge devices and appliances where detection is insufficient, blending espionage and IP theft in multi-cloud environments and posing long-term national-security and economic risks.
10 Articles
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in September. The outlook based on their limited visibility into China’s sustained ability to burrow into critical infrastructure and government agency networks undetected, dating back to at least 2022, is grim. “State-sponsored actors are not just infiltrat…
Chinese-Linked Hackers Use Back Door for Potential 'Sabotage,' US and ...
Chinese hackers reportedly targeting government entities using 'Brickstorm' malware - WorldNL Magazine
Hackers with links to China reportedly successfully infiltrated a number of unnamed government and tech entities using advanced malware. As reported by Reuters, cybersecurity agencies from the US and Canada confirmed the attack, which used a backdoor known as “Brickstorm” to target organizations using the VMware vSphere cloud computing platform. As detailed in a report published by the Canadian Centre for Cyber Security on December 4, PRC state-s…
Cybersecurity agencies for the United States and Canada are issuing an alert about BRICKSTORM malware. It is attributed to Chinese state actors.
CISA and the NSA warn of a sophisticated attack on VMware technology that could secure long-term access for Chinese actors.
Coverage Details
Bias Distribution
- 50% of the sources lean Right