- Chinese state-sponsored actors deploy Brickstorm malware to infiltrate government and IT networks around the world
- Malware targets VMware vSphere and Windows, enabling persistence, file manipulation and Active Directory compromise
- CISA warns of long-term risks of espionage and sabotage; China denies accusations, calling US a ‘cyber bully’
Chinese state-sponsored threat actors are using Brickstorm malware against government organizations around the world to maintain access, exfiltrate files and eavesdrop on victims.
This is according to a joint report published by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Canadian Centre for Cyber Security. The report describes how the malware works based on the analysis of eight samples obtained from victim networks.
The report states that PRC hackers are targeting “government and IT” organizations, without naming the victims or saying where they are located. Separately, CrowdStrike said it has observed the malware being used against a government organization in the Asia-Pacific region.
File handling
To gain a foothold in target networks, the attackers went after VMware vSphere and Windows systems.
“At the victim organization where CISA conducted an incident response mission, PRC state-sponsored cyber actors gained long-term persistent access to the organization’s internal network in April 2024 and uploaded BRICKSTORM malware to an internal VMware vCenter server,” CISA noted. The agency added that the attackers had also gone after Active Directory:
“They also gained access to two domain controllers and an Active Directory Federation Services (ADFS) server. They managed to compromise the ADFS server and export cryptographic keys.”
Beyond maintaining stealthy access, Brickstorm also allowed them to read and manipulate every file on the compromised devices. In some cases, they were able to move laterally across the network and compromise further devices.
Acting CISA Director Madhu Gottumukkala said the report “underscores the serious threats posed by the People’s Republic of China that create ongoing cybersecurity risks and costs for the United States, our allies, and the critical infrastructure on which we all depend.”
“These state-sponsored actors don’t just infiltrate networks: they implant themselves to enable long-term access, disruption and potential sabotage,” he said.
China has been blamed for numerous high-profile cyberattacks against Western countries over the years. It has been accused of targeting telecommunications providers, critical infrastructure and government entities for cyberespionage and potential disruption. In some cases, the intrusions were planned and carried out years in advance as part of preparations for a possible future war over Taiwan.
However, the country’s representatives have always vehemently denied all accusations, instead calling the United States the world’s biggest “cyber bully.”
Via The file