Tag: brickstorm

5 Attack Reports | 0 Vulnerabilities

Attack reports

F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor

A China-linked threat cluster, UNC5221, is actively targeting organizations using F5 BIG-IP following a confirmed breach of F5's internal development data. The stolen data includes portions of BIG-IP source code and vulnerability information, raising the risk of rapid 0-day discovery and weaponizat…
brickstorm
2025-10-24
f5 big-ip
Published: October 24, 2025
Linked vulnerabilities : CVE-2025-61882 (CVSS 9.8), CVE-2025-41430 (CVSS 8.7), CVE-2025-46706 (CVSS 8.7), CVE-2025-48008 (CVSS 8.7), CVE-2025-53474 (CVSS 8.7), CVE-2025-53521 (CVSS 8.7), CVE-2025-53856 (CVSS 8.7), CVE-2025-53868 (CVSS 8.5), CVE-2025-54479 (CVSS 8.7), CVE-2025-54854 (CVSS 8.7), CVE-2025-54858 (CVSS 8.7), CVE-2025-55036 (CVSS 8.7), CVE-2025-55669 (CVSS 8.7), CVE-2025-58096 (CVSS 8.2), CVE-2025-58120 (CVSS 8.7), CVE-2025-59478 (CVSS 8.7), CVE-2025-59781 (CVSS 8.7), CVE-2025-60016 (CVSS 8.7), CVE-2025-61938 (CVSS 8.7), CVE-2025-61951 (CVSS 8.7), CVE-2025-61955 (CVSS 8.5), CVE-2025-61960 (CVSS 8.7), CVE-2025-61974 (CVSS 8.7), CVE-2025-57780 (CVSS 8.5), CVE-2025-58071 (CVSS 8.7), CVE-2025-61935 (CVSS 8.7), CVE-2025-61990 (CVSS 8.7)
Downloadable IOCs: 3

Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog

Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal…
linux
windows
zero-day
brickstorm
ssh
2025-10-08
unc5221
vpxd
backup scan
sentinel
silk typhoon
systemconfiguration
socks proxy
vcenter
Published: October 8, 2025
Downloadable IOCs: 12

Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal…
linux
windows
zero-day
brickstorm
ssh
2025-10-08
unc5221
vpxd
backup scan
sentinel
silk typhoon
systemconfiguration
socks proxy
vcenter
Published: October 8, 2025
Downloadable IOCs: 12

BRICKSTORM Backdoor Analysis: A Persistent Espionage Threat to European Industries

This analysis examines BRICKSTORM, an espionage backdoor linked to China-nexus cluster UNC5221. It details newly identified Windows variants, expanding on previous Linux presence. The backdoor, used in long-term espionage campaigns, targets European industries of strategic interest to China. BRICKS…
backdoor
espionage
brickstorm
evasion techniques
china-nexus
file management
2025-04-16
network tunneling
european industries
Published: April 16, 2025
Downloadable IOCs: 4

Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion

This report details a sophisticated cyber intrusion targeting MITRE's research network (NERVE) through the exploitation of Ivanti Connect Secure zero-day vulnerabilities. The threat actor, suspected to be UNC5221, initiated the attack by gaining unauthorized access and subsequently deploying variou…
persistence
CVE-2024-21887
CVE-2023-46805
2024-05-24
threat
lateral movement
wirefire
giftedvisitor
bushwalk
intrusion
cyberattack
beeflush
rootrot
brickstorm
Published: May 24, 2024
Downloadable IOCs: 4
Click here to see more Attack Reports