#brickstorm

[ follow ]
#vmware-vsphere #unc5221 #cve-2026-22769 #dell-recoverpoint #grimbolt #elf-go-backdoor #persistence-and-stealth
fromTheregister
1 day ago

Dell 0-day exploited by suspected Chinese snoops since 2024

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Dell and Google's Mandiant incident response team. The US government and Google first warned about this campaign last year after detecting Brickstorm backdoors in dozens of critical US networks.
Information security
Information security
fromIT Pro
2 months ago

Chinese hackers are using 'stealthy and resilient' Brickstorm malware to target VMware servers and hide in networks for months at a time

China-sponsored actors use Brickstorm ELF Go backdoor to gain stealthy, persistent access to critical infrastructure and VMware vSphere systems for lateral movement and credential theft.
Information security
fromSecuritymagazine
2 months ago

State-Sponsored Actors Leverage Backdoor Malware, CISA Warns

PRC-linked state-sponsored cyber actors use the BRICKSTORM backdoor to target VMware vSphere, ESXi, and Windows for long-term persistence and credential theft.
Information security
fromThe Hacker News
2 months ago

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

BRICKSTORM is a Golang backdoor used by PRC-linked threat actors to maintain stealthy, long-term access to VMware vSphere and Windows systems via diverse C2 protocols.
Information security
fromTheregister
2 months ago

PRC spies Brickstromed their way into critical US networks

China-backed cyber actors used Brickstorm to maintain long-term access to multiple critical networks, infecting systems across Linux/VMware/Windows and stealing data and cryptographic keys.
fromNextgov.com
2 months ago

China is using advanced 'Brickstorm' malware against government and IT orgs, US assesses

The NSA and the Cybersecurity and Infrastructure Security Agency have assessed that China is using an advanced malware family to access government agencies and technology companies, according to extensive findings made public Thursday. The malware analysis, coauthored with Canadian cyber authorities, reflects September threat intelligence produced by Google and underscores the extent of the efforts the hackers have gone to quietly plant themselves into victims' systems for long-term snooping and potential sabotage.
Information security
#unc5221
more#unc5221
Node JS
fromTechzine Global
10 months ago

Belgian security experts find Chinese espionage malware on Windows

BRICKSTORM malware, linked to UNC5221, targets European industries for espionage while remaining undetected over long periods.
[ Load more ]