🎯 In short: a new joint report shows that state-sponsored hackers from China are using malware called Brickstorm to stay hidden inside compromised systems.
What Happened
The Canadian Centre for Cyber Security has collaborated with the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) to release a detailed analysis of the Brickstorm malware. This report highlights the ongoing threat posed by state-sponsored actors from the People’s Republic of China (PRC) who are leveraging this sophisticated backdoor for long-term persistence on compromised systems.
Who's Being Targeted
Brickstorm malware has primarily been observed targeting government services and information technology sector organizations. Its deployment indicates a strategic focus on critical infrastructure, raising alarms about national security implications.
How It Works
Brickstorm is a sophisticated backdoor designed for Linux environments, specifically targeting VMware vCenter servers and the VMkernel (VMware ESXi). Once attackers gain access, they can manipulate virtual machines (VMs) and extract sensitive data, such as cloned VM snapshots, which can lead to credential theft. They can even create rogue VMs that remain hidden from the management console, allowing operations to continue undetected.
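One defensive check that follows from the rogue-VM behaviour described above, written here as an added example (not code from the report or the agencies): it parses constructed sample output in the column layout of ESXi's `vim-cmd vmsvc/getallvms` and flags any host-side VM registration whose .vmx path is absent from a list exported from the vCenter inventory. The host name, the sample rows and the vCenter export format are assumptions.

```python
"""Cross-check ESXi host VM registrations against the vCenter inventory.

A VM registered directly on a host (bypassing vCenter) appears in the host's
own registry but not in vCenter. This diffs the two lists. All input here is
constructed sample data, not real telemetry.
"""
import re
from dataclasses import dataclass

# Matches data rows of `vim-cmd vmsvc/getallvms` (assumed column layout:
# Vmid Name File GuestOS Version [Annotation]); the header row is skipped.
_ROW = re.compile(
    r"^(?P<vmid>\d+)\s+(?P<name>\S+)\s+\[(?P<datastore>[^\]]+)\]\s+(?P<path>\S+)"
    r"\s+(?P<guest>\S+)\s+(?P<version>vmx-\d+)"
)

@dataclass(frozen=True)
class HostVm:
    host: str
    vmid: int
    name: str
    vmx_path: str  # "[datastore] dir/file.vmx"

def parse_getallvms(host: str, output: str) -> list[HostVm]:
    """Parse host-side VM registrations from command output."""
    vms = []
    for line in output.splitlines():
        m = _ROW.match(line.strip())
        if m:
            vms.append(HostVm(host, int(m["vmid"]), m["name"],
                              f"[{m['datastore']}] {m['path']}"))
    return vms

def find_unmanaged_vms(host_vms, vcenter_vmx_paths):
    """Return host VMs whose .vmx path is unknown to vCenter (candidate rogue VMs).
    Keyed on the vmx path, not the display name: a rogue VM may reuse a real name."""
    known = {p.strip().lower() for p in vcenter_vmx_paths}
    return [vm for vm in host_vms if vm.vmx_path.lower() not in known]

# Constructed sample: what one host would print for `vim-cmd vmsvc/getallvms`.
SAMPLE_HOST_OUTPUT = """\
Vmid   Name    File                          Guest OS               Version   Annotation
1      web01   [datastore1] web01/web01.vmx  ubuntu64Guest          vmx-19
7      dc01    [datastore1] dc01/dc01.vmx    windows9Server64Guest  vmx-19
12     dc01    [datastore2] dc01/dc01.vmx    windows9Server64Guest  vmx-19
"""
# Constructed sample: .vmx paths exported from the vCenter inventory.
SAMPLE_VCENTER_PATHS = ["[datastore1] web01/web01.vmx", "[datastore1] dc01/dc01.vmx"]

def audit(host: str = "esxi-01"):  # host name is a placeholder
    return find_unmanaged_vms(parse_getallvms(host, SAMPLE_HOST_OUTPUT), SAMPLE_VCENTER_PATHS)

if __name__ == "__main__":
    for vm in audit():
        print(f"{vm.host}: vmid={vm.vmid} name={vm.name} path={vm.vmx_path} not in vCenter")
```

In practice the host list would be collected from every ESXi host and the vCenter list from its inventory export; the name collision in the sample shows why the path, not the name, is the key.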
Indicators of Compromise
The joint report provides vital indicators of compromise (IoCs) and detection signatures derived from the analysis of Brickstorm samples. Organizations are urged to utilize these IoCs to identify potential infections within their systems. These detection signatures are crucial for recognizing the presence of Brickstorm malware and mitigating its impact.
What You Should Do
Organizations, especially those in the government and IT sectors, should:
Detection
1. Review the joint report for IoCs and detection signatures.
2. Implement monitoring systems to detect Brickstorm malware activity.
Removal
3. Conduct regular security assessments to ensure systems are not compromised.
4. Stay updated on threat intelligence related to state-sponsored cyber activities.
By taking these proactive measures, organizations can better protect themselves against the persistent threat posed by Brickstorm and similar malware.
🔒 Pro insight: The use of Brickstorm malware highlights the evolving tactics of state-sponsored actors, emphasizing the need for enhanced cybersecurity measures in critical infrastructure.