VerdantBamboo Targets MSPs Via BRICKSTORM Backdoor

Researchers at Volexity have published a report on a cyber-espionage campaign in which a group believed to be linked to China and tracked as VerdantBamboo

CyberSecureFox

BRICKSTORM case from Volexity: a clear reminder that edge appliances, MSP access and trusted network paths can become long-term blind spots for cloud compromise.

https://www.volexity.com/blog/2026/06/04/verdantbamboo-just-another-brickstorm-in-the-firewall/

#ThreatIntelligence #CyberSecurity #APT #BRICKSTORM #Microsoft365 #CloudSecurity #DFIR

VerdantBamboo: Just Another BRICKSTORM in the Firewall

In September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The virtual machine was an Egnyte Storage Sync system, which is designed to facilitate syncing local on-premises files with the cloud. Volexity discovered that instead of connecting to a domain affiliated with Egnyte, the appliance was connecting to a threat-actor-controlled domain behind Cloudflare IP addresses.

Volexity

VerdantBamboo (UNC5221): the Chinese APT group that stays invisible for 18 months with three previously unseen backdoors

Volexity reconstructs an 18-month intrusion by the Chinese APT group VerdantBamboo/UNC5221. Three previously unseen backdoors, BRICKSTORM, PLENET and AGENTPSD, were deployed on appliances without EDR to bypass Microsoft 365 Conditional Access Policies. The group returned a few days after remediation.

https://insicurezzadigitale.com/verdantbamboo-unc5221-il-gruppo-apt-cinese-che-resta-invisibile-per-18-mesi-con-tre-backdoor-inedite/

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD.

BleepingComputer

UNC5221, a Chinese APT, isn't relying on one backdoor. They're building an "access portfolio" with new malware like Brickstorm and Plenet, exploiting zero-days and edge devices to maintain persistent access for over 18 months. This multi-malware strategy allows re-breaches, turning incident response into a resource drain. Discover their tactics and the real impact.

https://www.tpp.blog/r27bx1d

#cybersecurity #unc5221 #brickstorm

🤖 This post was AI-generated.

@volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances. VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN.
 
For more details on how the incident unfolded, the malware used by the threat actor, and the end goal of the intrusion, check out the full blog post: https://www.volexity.com/blog/2026/06/04/verdantbamboo-just-another-brickstorm-in-the-firewall/

#dfir

VMware vSphere Ecosystem Targeted by BRICKSTORM Malware Attacks

Imagine an attacker sneaking past your trusted operating system and into the hidden infrastructure that powers your virtual machines - that's the risk posed by BRICKSTORM malware, which targets the VMware vSphere ecosystem. This stealthy threat allows adversaries to operate undetected, evading traditional endpoint tools by establishing…

https://osintsights.com/vmware-vsphere-ecosystem-targeted-by-brickstorm-malware-attacks

#Brickstorm #Vmware #Vsphere #VcenterServerAppliance #Esxi

VMware vSphere Ecosystem Targeted by BRICKSTORM Malware Attacks

Learn how BRICKSTORM malware targets VMware vSphere ecosystem, evading traditional security tools. Read the defender's guide now to protect your virtual machines effectively.

OSINTSights

vSphere and BRICKSTORM Malware: A Defender's Guide

#BRICKSTORM

https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide/

vSphere and BRICKSTORM Malware: A Defender's Guide | Google Cloud Blog

A detailed guide for hardening vSphere Virtual Center with a focus on the BRICKSTORM backdoor and associated malware activity.

Google Cloud Blog