The Cybersecurity and Infrastructure Security Agency (CISA) has issued a malware analysis report on BRICKSTORM, a sophisticated backdoor linked to Chinese state-sponsored cyber operations.
Released in December 2025 and updated through January 2026, the report identifies this threat targeting VMware vSphere platforms, specifically vCenter servers and ESXi environments.
Organizations in government services and information technology sectors face the highest risk from these attacks.
BRICKSTORM represents a serious threat because it enables attackers to maintain long-term access to compromised systems without detection.
The malware primarily affects virtualized environments, where it can remain hidden while threat actors steal sensitive data, clone virtual machines, and move laterally through networks.
Once installed, BRICKSTORM operates silently in the background, automatically reinstalling itself if removed.
The report examines eleven…