Chinese state-sponsored cyber actors are using the BRICKSTORM malware to infect U.S. government entities and private companies, gaining long-term access to victim systems, the Cybersecurity & Infrastructure Security Agency (CISA) said in an alert on Dec. 4.
CISA, the National Security Agency (NSA), and the Canadian Cyber Security Centre issued a joint Malware Analysis report detailing the threat posed by the malware.
BRICKSTORM provides hackers with a sophisticated backdoor into systems running Windows and VMware vSphere.
According to the joint report, CISA analyzed eight BRICKSTORM samples obtained from victim organizations.
“All analyzed samples enable cyber actors to maintain stealthy access,” it said….