BRICKSTORM
-
China-linked group exploited Dell RecoverPoint zero-day
Researchers found UNC6201 exploiting a hardcoded-password zero-day in Dell RecoverPoint for VMs since mid-2024, enabling root access. A vendor advisory and patch were issued. The campaign shifted from Brickstorm to a stealthier Grimbolt backdoor.
-
CISA details BRICKSTORM backdoor used by PRC-linked hackers against vSphere and Windows environments
CISA has published technical details of BRICKSTORM, a Golang backdoor used by PRC-linked threat actors to maintain stealthy, long-term access to VMware vSphere and Windows environments; CrowdStrike and other firms link the tool to UNC5221 and Warp Panda, while the Chinese embassy has denied the allegations.
-
China-linked BRICKSTORM attackers conduct long-running espionage campaign against U.S. tech firms, Mandiant says
Mandiant identifies BRICKSTORM, a China-linked threat group conducting a long-running espionage campaign against U.S. tech firms, using Go-based malware to target Linux and BSD systems, with a focus on SaaS providers and other high-value targets, and urges vendors to adopt zero-trust architectures.