The Cybersecurity and Infrastructure Security Agency released new analysis of threat activity linked to Brickstorm malware, which has been used by a China-nexus threat group in a months-long campaign against multiple U.S. organizations.
CISA’s analysis included indicators of compromise and detection signatures for newly obtained Brickstorm samples, some of them written in Rust.
The samples run in the background to evade detection, CISA warned, and demonstrate advanced command and control capabilities, communicating over encrypted WebSocket connections.
“Given the scope and complexity of the ongoing activity, CISA continues to collaborate with government, industry and international partners gathering new insights, performing technical analysis, and providing new details to the broader cybersecurity community as we discover them,” Nick Andersen, CISA’s executive assistant director for cybersecurity, told Cybersecurity Dive. “The update to our report reflects ongoing efforts towards reducing risk resulting from this activity.”
CISA worked with the National Security Agency and Canadian Centre for Cybersecurity on the updated guidance.
Earlier this month, researchers at CrowdStrike warned of a China-nexus adversary tracked as Warp Panda deploying Brickstorm malware in attacks against multiple VMware vCenter environments at organizations including legal, manufacturing and technology companies.
Warp Panda has exploited internet-facing edge devices in order to gain initial access before it targets vCenter environments. The threat actor has been able to maintain long-term persistence inside compromised networks. In one case, initial access was first gained in 2023.
“For defenders, the challenge is that Warp Panda exploits the space between identity, virtualization and cloud,” Adam Meyers, head of counter adversary operations at CrowdStrike, told Cybersecurity Dive earlier this month.
Broadcom previously urged customers to maintain up-to-date patches and follow guidance for protecting vSphere environments.
