#brickstorm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #brickstorm, aggregated by home.social.
-
"#Brickstorm" backdoor in #VMwarevSphere: warning of attack from #China 🇨🇳 | Security https://www.heise.de/news/Brickstorm-Hintertuer-in-VMware-vSphere-Warnung-vor-Angriff-aus-China-11103648.html #VMware #vSphere
-
"Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal services, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and Technology. The value of these targets extends beyond typical espionage missions, potentially providing data to feed development of zero-days and establishing pivot points for broader access to downstream victims.
We attribute this activity to UNC5221 and closely related, suspected China-nexus threat clusters that employ sophisticated capabilities, including the exploitation of zero-day vulnerabilities targeting network appliances. While UNC5221 has been used synonymously with the actor publicly reported as Silk Typhoon, GTIG does not currently consider the two clusters to be the same.
These intrusions are conducted with a particular focus on maintaining long-term stealthy access by deploying backdoors on appliances that do not support traditional endpoint detection and response (EDR) tools. The actor employs methods for lateral movement and data theft that generate minimal to no security telemetry. This, coupled with modifications to the BRICKSTORM backdoor, has enabled them to remain undetected in victim environments for 393 days, on average. Mandiant strongly encourages organizations to reevaluate their threat model for appliances and conduct hunt exercises for this highly evasive actor. We are sharing an updated threat actor lifecycle for BRICKSTORM associated intrusions, along with specific and actionable steps organizations should take to hunt for and protect themselves from this activity."
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign?e=48754805
#CyberSecurity #China #Surveillance #Brickstorm #Malware #USA #ZeroDays
-
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/ #Cybersecurity #Vulnerability #CyberAttack #BRICKSTORM #Security #Mandiant #Malware #UNC5221 #Google #China #Linux #0day #SaaS
-
Google: China-linked hackers (#UNC5221) are targeting US SaaS and tech firms using the new BRICKSTORM malware, exploiting zero-day flaws, Mandiant has found.
Read: https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/
-
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
#BRICKSTORM #UNC5221
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
-
Chinese threat actor UNC5221 has significantly upgraded their BRICKSTORM malware with triple-layer encryption that renders most security monitoring ineffective, according to NVISO Security. Now targeting both Linux and Windows environments, this sophisticated threat uses traffic tunneling instead of direct command execution to avoid detection. European strategic industries are primary targets.
#SecurityLand #CyberWatch #CyberSecurity #ThreatIntelligence #APT #Brickstorm