PRC Spies Brickstormed Their Way Into Critical US Networks
PRC-backed cyber groups infected over 30 US organizations using Brickstorm malware to steal data and maintain access in critical infrastructure, cybersecurity firms report.
- On Thursday, government cybersecurity teams warned that PRC-backed actors infected at least eight government services and IT organizations with Brickstorm malware, maintaining long-term access and stealing data.
- CrowdStrike attributed the backdoor to Warp Panda, active since at least 2022, while Mandiant has been responding since March; CISA's Nick Andersen called Brickstorm "a terribly sophisticated piece of malware".
- Using Brickstorm, operators tunneled traffic to replay user sessions for Microsoft 365 access and pivoted to VMware vCenter and ESXi environments, deploying Junction and GuestConduit implants.
- Following vendor reports, Google Threat Intelligence Group urged running Mandiant's open-source scanner on GitHub, while Broadcom officials advised customers to patch VMware software and secure vSphere environments.
- On numerous occasions, Palo Alto Networks' Unit 42 observed UNC5221 planting custom backdoors, hindering detection and enabling long-term access, as Renals stated.
9 Articles
PRC spies Brickstormed their way into critical US networks
'Dozens' of US orgs infected. Chinese cyberspies maintained long-term access to critical networks – sometimes for years – and used this access to infect computers with malware and steal data, according to Thursday warnings from government agencies and private security firms.…
Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments. In addition to BRICKSTORM, WARP PANDA has also deployed …
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices. The post China Hackers Using Brickstorm Backdoor to Target Government, IT Entities appeared first on Security Boulevard.
On 4 December 2025, the US cybersecurity agency CISA published an alarming report on the malicious software BRICKSTORM. This backdoor, attributed to Chinese state-sponsored cyber actors, is reported to have enabled infiltration of, and continued access to, several government organisations.
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said.…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality