The Cybersecurity and Infrastructure Security Agency, NSA, and Canadian Centre for Cyber Security released an updated report on the BRICKSTORM backdoor, revealing new malware samples and detection methods. They emphasize the importance of deploying new IOCs and signatures to identify and respond to BRICKSTORM infections effectively. #BRICKSTORM #WebSocket #YARARules
Key points
- The update includes new indicators of compromise for BRICKSTORM malware, including Rust-based samples.
- BRICKSTORM demonstrates advanced techniques like running as background services for persistence.
- The malware uses encrypted WebSocket connections for enhanced command and control capabilities.
- Organizations are advised to deploy new YARA detection signatures and scan for infections.
- Incident reporting to CISA's Operations Center is recommended if BRICKSTORM activity is detected.
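The last two points, deploying the YARA signatures and reporting confirmed hits, are the operational steps a defender actually has to wire together. The following Python script is an added example, not code from the report or from CISA, NSA or CCCS: it drives the `yara` command-line scanner over a directory, parses its default `<rule> <path>` output, and folds the matches into a per-file and per-rule summary that can go into an incident report. The rules file path is a placeholder (the real signatures come from the advisory), and the sample scanner output embedded below is constructed for illustration; it contains no real BRICKSTORM indicators.

```python
"""Added example: run a YARA scan and turn its output into a triage summary.

Assumptions (not from the CISA/NSA/CCCS report): the advisory's signatures
have been saved to a local rules file (placeholder RULES_FILE), the `yara`
CLI is installed, and SAMPLE_OUTPUT is constructed text, not real hits.
"""
import json
import shutil
import subprocess
from collections import defaultdict

# Placeholder path: replace with the rules file distributed in the advisory.
RULES_FILE = "/path/to/brickstorm_rules.yar"

# Constructed yara output for illustration (rule names and paths are made up).
SAMPLE_OUTPUT = """\
BRICKSTORM_placeholder_rule_1 /usr/local/bin/svc_helper
BRICKSTORM_placeholder_rule_2 /usr/local/bin/svc_helper
BRICKSTORM_placeholder_rule_1 /tmp/sample with space.bin
"""


def run_scan(rules_file: str, target_dir: str) -> str:
    """Run `yara -r -w <rules> <dir>` and return its raw stdout.

    -r recurses into subdirectories, -w suppresses compiler warnings.
    Exit status 0 means the scan completed (zero matches is still 0);
    non-zero signals a rule compile error or an unreadable target.
    """
    if shutil.which("yara") is None:
        raise RuntimeError("yara binary not found on PATH")
    proc = subprocess.run(
        ["yara", "-r", "-w", rules_file, target_dir],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode != 0:
        raise RuntimeError(f"yara failed: {proc.stderr.strip()}")
    return proc.stdout


def parse_yara_output(text: str) -> list[tuple[str, str]]:
    """Parse default yara CLI output: one `<rule_name> <path>` line per match.

    Rule identifiers cannot contain whitespace, so splitting on the first
    whitespace run keeps file paths that themselves contain spaces intact.
    """
    hits = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # blank line or something that is not a match line
        rule, path = parts
        hits.append((rule, path))
    return hits


def summarize(hits: list[tuple[str, str]]) -> dict:
    """Group matches by file and by rule for an incident-report summary."""
    files = defaultdict(set)
    rules = defaultdict(int)
    for rule, path in hits:
        files[path].add(rule)
        rules[rule] += 1
    return {
        "total_hits": len(hits),
        # Sorted lists keep the report deterministic and JSON-serialisable.
        "files": {p: sorted(r) for p, r in sorted(files.items())},
        "rules": dict(sorted(rules.items())),
    }


if __name__ == "__main__":
    # Real use: summarize(parse_yara_output(run_scan(RULES_FILE, "/")))
    # Offline demonstration on the constructed output:
    print(json.dumps(summarize(parse_yara_output(SAMPLE_OUTPUT)), indent=2))
```

Running the script prints a JSON summary that lists every flagged file with the rules that fired on it; in practice you would feed `run_scan` the advisory's rules file and the filesystem roots of the hosts being checked, and attach the resulting summary to the report sent to CISA's Operations Center.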