Suspected Chinese hackers have employed the Brickstorm malware for long-term espionage against U.S. organizations in the technology and legal sectors. This stealthy malware campaign exploits zero-days in edge devices, maintaining dwell times of over a year to exfiltrate sensitive data. #Brickstorm #UNC5221
Key points
- Brickstorm is a Go-based backdoor used for espionage in targeted attacks.
- Victims include organizations in the legal, technology, SaaS, and BPO sectors.
- The malware can disguise its command-and-control communication as legitimate traffic, making detection difficult.
- Attackers exploited zero-day vulnerabilities in edge devices like VMware vCenter and ESXi.
- Google and Mandiant provide tools and rules to help detect Brickstorm activity, though detection may not be foolproof.