Suspected Chinese hackers have used the Brickstorm malware in long-term espionage operations against U.S. organizations in the technology and legal sectors. The malware's stealth tactics and its ability to persist undetected for over a year highlight the growing sophistication of state-sponsored cyber threats. #Brickstorm #UNC5221
Key points
- Brickstorm is a Go-based backdoor used for espionage and data exfiltration.
- It remained undetected inside victim networks for an average of 393 days.
- The malware is deployed on edge devices such as VMware vCenter/ESXi endpoints, which typically have no EDR coverage.
- Attackers exploited zero-day vulnerabilities and used cloaking techniques to hide their activities.
- Mandiant has provided a scanner script, but it is not guaranteed to detect all variants.