Chinese #APT deploys new #malware to keep access to hacked networks
#China #cybersecurity #UNC5221 #Brickstorm #Planet #AgentPSD #VerdantBamboo

In September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The virtual machine was an Egnyte Storage Sync system, which is designed to sync local on-premises files with the cloud. Volexity discovered that instead of connecting to a domain affiliated with Egnyte, the appliance was connecting to a threat-actor-controlled domain behind Cloudflare IP addresses.