Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Oct. 8, 2025, 4:09 p.m.

Description

Google Threat Intelligence Group (GTIG) is tracking activity involving the BRICKSTORM malware, which is being used to maintain persistent access to victim organizations in the United States. Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal services, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology. The value of these targets extends beyond typical espionage missions: they potentially provide data to feed the development of zero-days and establish pivot points for broader access to downstream victims.

Date

  • Created: Oct. 8, 2025, 3:21 p.m.
  • Published: Oct. 8, 2025, 3:21 p.m.
  • Modified: Oct. 8, 2025, 4:09 p.m.

Indicators

Attack Patterns