CISA has revealed details of BRICKSTORM, a sophisticated backdoor used by Chinese state-sponsored threat actors to maintain long-term access on VMware vSphere and Windows systems. The malware is deployed against government and IT sector targets, supporting covert command-and-control operations through various protocols and concealment techniques. #BRICKSTORM #WarpPanda
Key points
- BRICKSTORM is a Golang-based backdoor used by Chinese threat actors to target virtualization and Windows environments.
- The malware enables stealthy access, persistence, and secure command-and-control through multiple protocols and traffic concealment methods.
- Attacks often involve lateral movement via web shells, RDP, SMB, and exfiltration of cryptographic keys and Active Directory data.
- The hacking group Warp Panda has deployed BRICKSTORM in efforts to access VMware vCenter and cloud environments, maintaining covert persistence.
- Initial access is gained by exploiting vulnerabilities and compromised edge devices, with attackers focusing on sensitive data and establishing a resilient presence.
Read More: https://thehackernews.com/2025/12/cisa-reports-prc-hackers-using.html