- Chinese state-sponsored actors deploy BRICKSTORM malware to infiltrate government and IT networks worldwide
- The malware targets VMware vSphere and Windows, enabling persistence, file manipulation and Active Directory compromise
- CISA warns of long-term espionage and sabotage risks; China denies accusations, calls US a “cyber bully”
Chinese state-sponsored threat actors have used BRICKSTORM malware against government organizations around the world, maintaining access, exfiltrating files and eavesdropping.
This is stated in a joint report published by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Canadian Centre for Cyber Security. The report outlines how the malware works, based on the analysis of eight samples taken from a victim’s network.
In it, the agencies say that PRC hackers are targeting “government and information technology” organizations, without specifying who the victims are or where they are located. Separately, CrowdStrike said it observed the malware being used against a government organization in the Asia-Pacific region.
Manipulation of files
To break into target networks, the threat actors went after VMware vSphere and Windows systems.
“At the victim organization where CISA conducted an incident action, state-sponsored cyber actors in China gained long-term persistent access to the organization’s internal network in April 2024 and uploaded the BRICKSTORM malware to an internal VMware vCenter server,” CISA emphasized. It then added that the bad guys were going after Active Directory:
“They also gained access to two domain controllers and an Active Directory Federation Services (ADFS) server. They successfully compromised the ADFS server and exported cryptographic keys.”
Besides maintaining stealthy access, BRICKSTORM also allowed the attackers to read and manipulate any file on the compromised devices. In some cases, they moved laterally through the network, compromising further devices.
For CISA’s acting director, Madhu Gottumukkala, the report underscores “the serious threats posed by the People’s Republic of China, which create ongoing cybersecurity exposures and costs for the United States, our allies, and the critical infrastructure we all depend on.”
“These state-sponsored actors are not just infiltrating networks – they embed themselves to enable long-term access, disruption and potential sabotage,” he said.
China has been blamed for numerous high-profile cyber attacks against Western countries over the years. It has been accused of going after telecommunications providers, critical infrastructure and government entities, with the aim of cyber espionage and potential disruption. In some cases, the intrusions were planned and carried out years in advance and were reportedly part of preparations for a possible future conflict over Taiwan.
However, the country’s representatives have consistently and vehemently denied all accusations, instead describing the US as the biggest “cyber bully” in the world.
Via The record