Chinese-Linked Cyberattacks on Government and Tech Using 'Brickstorm'
Persistent Breach Over a Year
Hackers associated with China have reportedly breached several unnamed government and technology organizations using sophisticated malware. According to reports, cybersecurity authorities in the United States and Canada confirmed the intrusions, in which the attackers deployed a backdoor dubbed 'Brickstorm' against organizations running VMware's vSphere virtualization platform.
As outlined in a December 4 report by the Canadian Centre for Cyber Security, state-backed hackers from the People's Republic of China maintained sustained, clandestine access to an undisclosed victim's internal network. After compromising the targeted platform, the attackers were able to harvest credentials, alter critical files, and create hidden virtual machines, retaining control of the environment without being detected. The intrusion is believed to have begun as early as April 2024 and to have continued through at least September 2025.
The malware analysis report published by the Canadian Cyber Centre, produced with the assistance of the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), identified eight variants of the Brickstorm malware. The total number of organizations targeted or compromised, however, remains unclear.
Responses and Recommendations
A spokesperson for Broadcom, which owns VMware, said the company was aware of the suspected breach and advised customers to apply the latest security updates wherever feasible. Separately, a September analysis of Brickstorm by the Google Threat Intelligence Group urged organizations to reassess their threat models for network and virtualization appliances and to proactively hunt for activity by this threat actor.
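One concrete hunt that follows from the report's description of hidden virtual machines and the recommendation to search proactively for this actor: compare the VMs each ESXi host has registered locally (the text table printed by `vim-cmd vmsvc/getallvms` on the host) against the inventory vCenter knows about, and flag anything the host runs that vCenter cannot see. The example below is added here and is not code from the page, from Broadcom, or from any of the agencies named; the `getallvms` output and the vCenter inventory are constructed sample data, and the assumption that a vCenter-side list of `.vmx` paths is available (for instance collected with govc or pyvmomi) is the author's.

```python
"""Hunt for VMs registered directly on an ESXi host that vCenter does not list.

Added example, not from the page or the vendor. Inputs are constructed.
"""
import re
from dataclasses import dataclass

# One data row of `vim-cmd vmsvc/getallvms`. VM names may contain spaces, so the
# pattern anchors on the "[datastore] path.vmx" column that always follows the name.
ROW_RE = re.compile(
    r"^(?P<vmid>\d+)\s+(?P<name>.+?)\s+(?P<vmx>\[[^\]]+\]\s+\S+\.vmx)\s+"
    r"(?P<guest>\S+)\s+(?P<version>vmx-\d+)"
)


@dataclass(frozen=True)
class HostVm:
    vmid: int
    name: str
    vmx: str      # normalized "[datastore] dir/file.vmx"
    guest: str
    version: str


def normalize(vmx: str) -> str:
    """Collapse whitespace so '[ds1]  a/a.vmx' and '[ds1] a/a.vmx' compare equal."""
    return " ".join(vmx.split())


def parse_getallvms(output: str) -> list[HostVm]:
    """Parse the table printed by `vim-cmd vmsvc/getallvms`; header lines are skipped."""
    vms = []
    for line in output.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            vms.append(HostVm(int(m["vmid"]), m["name"].strip(),
                              normalize(m["vmx"]), m["guest"], m["version"]))
    return vms


def find_unmanaged(host_vms: list[HostVm], vcenter_vmx_paths) -> list[HostVm]:
    """Return host-registered VMs whose .vmx path is absent from vCenter's inventory.

    Matching is by .vmx path, not by name: a rogue VM can reuse a legitimate name.
    """
    known = {normalize(p) for p in vcenter_vmx_paths}
    return [vm for vm in host_vms if vm.vmx not in known]


# Constructed sample: what one host reports locally. The third row is the finding.
SAMPLE_GETALLVMS = """\
Vmid   Name             File                                  Guest OS                     Version   Annotation
1      web01            [datastore1] web01/web01.vmx          ubuntu64Guest                vmx-19
2      dc-01            [datastore1] dc-01/dc-01.vmx          windows2019srvNext_64Guest   vmx-19
7      log collector    [datastore1] .hidden/lc.vmx           otherLinux64Guest            vmx-19
"""

# Constructed sample: .vmx paths vCenter lists for the same host (assumed to have been
# exported beforehand, e.g. with govc or pyvmomi).
SAMPLE_VCENTER_VMX = [
    "[datastore1] web01/web01.vmx",
    "[datastore1] dc-01/dc-01.vmx",
]


def hunt(getallvms_output: str, vcenter_vmx_paths) -> list[str]:
    """Return 'vmid name vmx' lines for every VM the host runs but vCenter does not list."""
    hits = find_unmanaged(parse_getallvms(getallvms_output), vcenter_vmx_paths)
    return [f"{vm.vmid} {vm.name} {vm.vmx}" for vm in hits]


if __name__ == "__main__":
    for line in hunt(SAMPLE_GETALLVMS, SAMPLE_VCENTER_VMX):
        print("UNMANAGED VM:", line)
```

Run this per host with the real `getallvms` output and the matching vCenter export. A VM that has been unregistered but whose files remain on a datastore will not appear in `getallvms` at all, so pair this check with a listing of `.vmx` files under `/vmfs/volumes/` on each host and treat any path that neither list explains as a finding.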