Officials Warn About Expansive, Ongoing China Espionage Threat Riding on Brickstorm Malware
Chinese-linked hackers used Brickstorm malware to infiltrate VMware vSphere networks, maintaining access from April to September for espionage and potential sabotage, US and Canadian agencies said.
- On Dec 4, U.S. and Canadian cybersecurity agencies said Chinese-linked hackers used Brickstorm to penetrate unnamed government and IT entities, targeting VMware vSphere environments; Broadcom's VMware confirmed awareness.
- CrowdStrike and GTIG traced the campaign to at least 2022, with Chinese-linked state-backed hackers embedding for long-term access, disruption, and potential sabotage amid tradecraft evolution and multi-cloud targeting.
- CISA's analysis, based on eight Brickstorm samples, showed that the implants Junction and GuestConduit, written in Golang, stole Active Directory credentials to reach VMware vCenter.
- Dozens of U.S. organizations have been affected, researchers said, while vendors urged customers to apply patches and tighten operational security; Mr Liu Pengyu rejected the allegations.
- Adam Meyers warned the campaign reflects expanded infrastructure and tooling, exploiting edge devices and appliances where detection is insufficient, blending espionage and IP theft in multi-cloud environments and posing long-term national-security and economic risks.
17 Articles
US, Canada Warn of China-Backed Hackers Targeting Government Entities
Chinese state-sponsored cyber actors are using the BRICKSTORM malware to infect U.S. government entities and private companies, gaining long-term access to victim systems, the Cybersecurity & Infrastructure Security Agency (CISA) said in an alert on Dec. 4. CISA, the National Security Agency (NSA), and the Canadian Cyber Security Centre issued a joint Malware Analysis report detailing the threat posed by the malware. BRICKSTORM provides hackers …
Chinese hackers reportedly targeting government entities using 'Brickstorm' malware
Hackers with links to China reportedly successfully infiltrated a number of unnamed government and tech entities using advanced malware. As reported by Reuters, cybersecurity agencies from the US and Canada confirmed the attack, which used a backdoor known as “Brickstorm” to target organizations using the VMware vSphere cloud computing platform. As detailed in a report published by the Canadian Centre for Cyber Security on December 4, PRC state-…
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware
Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in September. The outlook based on their limited visibility into China’s sustained ability to burrow into critical infrastructure and government agency networks undetected, dating back to at least 2022, is grim. “State-sponsored actors are not just infiltrat…
Chinese-Linked Hackers Use Back Door for Potential 'Sabotage,' US and ...
Chinese-Linked Hackers Use Backdoor For Potential 'Sabotage,' US and Canada Say
U.S. and Canadian cybersecurity agencies say Chinese-linked actors deployed "Brickstorm" malware to infiltrate critical infrastructure and maintain long-term access for potential sabotage. Reuters reports: The Chinese-linked hacking operations are the latest example of Chinese hackers targeting cri...
Coverage Details
Bias Distribution
- 50% of the sources lean Right












