BRICKSTORM Backdoor Analysis: A Persistent Espionage Threat to European Industries
Essential information
- Published
- 16/04/2025 14:51
- Modified
- 16/04/2025 18:21
- Tags
- 2025-04-16 backdoor brickstorm china-nexus espionage european industries evasion techniques file management network tunneling
- Related entities
- 4 observables, 1 intrusion set (APT), 4 techniques (MITRE), 1 malware, 2 others
Description
This analysis examines BRICKSTORM, an espionage backdoor attributed to the China-nexus cluster UNC5221. It details newly identified Windows variants, expanding on the previously documented Linux presence. The backdoor, used in long-term espionage campaigns, targets European industries of strategic interest to China. BRICKSTORM provides file management and network tunneling capabilities, wraps its command and control traffic in multiple layers of encryption, and routes that traffic through cloud providers to evade detection. The analysis covers the backdoor's inner workings, including its command and control infrastructure, protocol details, and evasion techniques. It highlights the persistent nature of these intrusions and the challenges they pose to defenders, and concludes with recommendations for detection and mitigation.