Summary: NVISO reports on BRICKSTORM, a stealthy backdoor linked to the Chinese threat group UNC5221, which has evolved to target Windows systems after prior Linux-based attacks. This espionage tool employs sophisticated techniques for persistence and command-and-control communication while remaining undetected for extended periods. The report highlights the urgent need for enhanced security measures in at-risk sectors, especially given BRICKSTORM’s advanced evasion tactics.
Affected: Organizations within European strategic sectors
Key points:
- BRICKSTORM utilizes a multi-tiered architecture with a focus on evading endpoint detection tools.
- It features capabilities for file management and network tunneling while using DNS over HTTPS to bypass monitoring.
- The report outlines key defensive measures, including blocking specific DNS providers and implementing TLS inspection procedures.
Source: https://securityonline.info/brickstorm-backdoor-targets-european-industries/