Chinese Hackers Deploy BrickStorm Backdoor Globally

The U.S. Cybersecurity and Infrastructure Security Agency, NSA, and Canadian Centre issued a joint advisory on BrickStorm, a custom backdoor used by Chinese state-linked hackers since at least 2022. The malware targets VMware vSphere and Windows environments, enabling credential theft, VM cloning, and months-long persistence, including a 393-day breach at a U.S. firm and an F5 incident. Agencies urge patching, MFA, network segmentation, and threat hunting to prevent sabotage.
Key Points
1. State-linked Chinese actors have deployed the BrickStorm backdoor across VMware and Windows environments since at least 2022.
2. Stealthy, rootkit-like persistence enables long-term espionage and potential sabotage of critical infrastructure.
3. Practitioners are advised to patch VMware, enable MFA, segment networks, and hunt for indicators of compromise immediately.
Scoring Rationale
Official joint advisories and clear mitigations drive a top score, though the campaign extends known state-sponsored espionage techniques.

