Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
Essential information
- Published: 08/10/2025 15:21
- Modified: 08/10/2025 16:09
- Tags: 2025-10-08, backup, scan, brickstorm, linux, sentinel, silk typhoon, socks proxy, ssh, systemconfiguration, unc5221, vcenter, vpxd, windows, zero-day
- Related entities: 12 observables, 1 intrusion set (APT), 12 techniques (MITRE), 1 malware
Description
Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal services, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology companies. The value of these targets extends beyond typical espionage missions: the data taken could feed the development of zero-days, and the compromised environments can serve as pivot points for broader access to downstream victims.