Chinese hackers allegedly attacking government agencies with ‘Brickstorm’ malware.

Cybersecurity Alert: Chinese Hackers Target Government and Tech Sectors with ‘Brickstorm’ Malware

Hackers believed to be linked to China have infiltrated several unnamed government and technology organizations using sophisticated malware known as “Brickstorm.” Cybersecurity experts from both the United States and Canada confirmed the breach and reported that the attackers exploited a backdoor to compromise systems running the VMware vSphere cloud computing platform.

In a report released on December 4, the Canadian Centre for Cyber Security said that state-sponsored hackers from the People’s Republic of China maintained “long-term persistent access” to a victim’s internal networks. The intrusion allowed them to harvest sensitive credentials, alter critical files, and create unauthorized “hidden” virtual machines (VMs), all while remaining undetected. The activity may have begun as early as April 2024 and continued through September of this year.

The in-depth analysis conducted by the Canadian Cyber Centre—collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA)—identified eight distinct samples of the Brickstorm malware. However, the precise number of targeted organizations remains elusive.

In response to the incident, Broadcom, which owns VMware vSphere, said it was aware of the alleged hack and urged customers to install the latest security updates to safeguard their systems. The Google Threat Intelligence Group has also published its own findings on Brickstorm, advising firms to reexamine their threat models and carry out proactive threat hunting exercises against suspected adversaries.

This incident is a strong reminder of the complexities and ongoing challenges of cybersecurity. As these sophisticated cyber actors adapt and evolve, organizations must remain vigilant and proactive in defending against emerging threats.
