CISA Warns PRC Hackers Are Targeting VMware vSphere with BRICKSTORM Malware

U.S. and Canadian cybersecurity agencies warn that China-sponsored threat actors are using BRICKSTORM malware to compromise VMware vSphere environments and gain long-term access. These attacks primarily target government and IT sectors, enabling threat actors to steal data and create rogue VMs.

Key points

  • Chinese-backed hackers are using BRICKSTORM malware to target VMware vSphere and Windows environments.
  • The malware allows persistent, stealthy access, including command and control capabilities via DNS-over-HTTPS.
  • Attackers gained access through a web shell on a DMZ web server and used RDP to move laterally within the network.
  • They compromised critical servers, including domain controllers and the ADFS server, and stole cryptographic keys.
  • Organizations are advised to monitor for indicators of compromise and implement network segmentation and traffic controls.

Read More: https://thecyberexpress.com/cisa-prc-hackers-target-vmware-with-brickstorm/