Canada, US warn of China’s BRICKSTORM malware after incident response efforts
Canada, US warn of China’s BRICKSTORM malware after incident response efforts
CISA, NSA warn of China’s BRICKSTORM malware after incident response efforts
Here is the original Cisa report: BRICKSTORM Backdoor
...
Chinese hackers are using a strain of malware to attack governments in several countries and maintain long-term access, according to U.S. and Canadian cybersecurity officials.
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Canadian Centre for Cyber Security published an advisory on Thursday outlining the BRICKSTORM malware based off an analysis of eight samples taken from victim organizations.
...
“BRICKSTORM is a sophisticated and stealthy backdoor malware linked to PRC state-sponsored cyber actors,” said CISA Executive Assistant Director for Cybersecurity Nick Andersen.
The advisory includes indicators of compromise and detections organizations can use to tell if they have been impacted by the campaign involving the malware. The malware is used “for long-term persistence on victim systems,” according to U.S. agencies.
...
The goal of the campaign is to steal valuable intellectual property and sensitive data — with a particular focus on the email inboxes of senior company leaders, according to Mandiant. The company attributed the campaign to a threat actor they previously accused of abusing vulnerabilities in firewall products from tech company Ivanti.
...