Chinese state-sponsored hackers are deploying the sophisticated BRICKSTORM malware to infiltrate government and IT sectors worldwide, maintaining long-term access for espionage and data theft. Cybersecurity agencies and firms have issued warnings and indicators of compromise, emphasizing the threat’s persistence and stealthy nature.
Key points
- BRICKSTORM is a stealthy, long-term backdoor malware linked to Chinese cyber actors.
- The malware targets VMware vSphere and Windows environments, compromising critical systems.
- Hackers gain administrative access, exfiltrate cryptographic keys, and establish hidden virtual machines.
- The campaign aims to steal intellectual property and sensitive data, especially from senior executives’ email inboxes.
- Multiple cybersecurity agencies and firms, including CISA, NSA, CrowdStrike, and Mandiant, have detected ongoing intrusions since 2023.
Read More: https://therecord.media/cisa-nsa-warn-brickstorm-china