Chinese Hackers Allegedly Use ‘Brickstorm’ Malware on Gov’t Entities

China-Based Hackers Target Government and Tech Entities with Brickstorm Malware

Advanced malware attributed to Chinese hackers has reportedly compromised several unnamed government and technology organizations, as confirmed by U.S. and Canadian cybersecurity experts. The attack utilized a sophisticated backdoor dubbed “Brickstorm,” specifically targeting entities employing the VMware vSphere cloud computing platform.

According to a December 4 report from the Canadian Centre for Cyber Security, state-sponsored hackers from the People’s Republic of China maintained prolonged and unauthorized access to an unidentified victim’s internal network. After breaching the platform, these cybercriminals were able to obtain sensitive credentials, manipulate important files, and establish “rogue, hidden VMs” (virtual machines), thereby gaining unnoticed control over the system.

This infiltration may have commenced as early as April 2024 and persisted until at least September of this year. The malware analysis report references eight distinct Brickstorm samples, though the total number of organizations affected remains unclear.

Broadcom, the parent company of VMware vSphere, acknowledged the reported breach and urged its clients to implement the latest security patches. Additionally, a report from the Google Threat Intelligence Group highlighted the need for organizations to reassess their threat models for cloud appliances and perform proactive security assessments in light of this incident.
