CISA and NSA Warn of BRICKSTORM Malware Attacking VMware ESXi and Windows Environments

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security (Cyber Centre) issued a joint advisory today, warning of a sophisticated new malware campaign orchestrated by People’s Republic of China (PRC) state-sponsored cyber actors.

The advisory details “BRICKSTORM,” a formidable backdoor designed to establish long-term persistence within critical government and information technology networks, specifically targeting VMware vSphere and Windows environments.

BRICKSTORM is described as a custom Go-based backdoor that employs advanced tradecraft to evade detection while granting attackers total control over compromised systems.

BRICKSTORM Attacking VMware ESXi and Windows

Unlike run-of-the-mill malware, BRICKSTORM is engineered for deep integration into virtualized infrastructure. It targets VMware vCenter servers and ESXi hosts, allowing threat actors to…