Threats to the Defense Industrial Base | Google Cloud Blog

The defense sector faces a relentless barrage of operations conducted by state-sponsored actors and criminal groups.

Google Cloud Blog
📱 BRICKSTORM: a backdoor attributed to UNC5221 targets US organizations via network appliances and zero-days
📝 According to PolySwarm (Threats and Vulne...
📖 cyberveille : https://cyberveille.ch/posts/2025-10-05-brickstorm-une-backdoor-attribuee-a-unc5221-cible-des-organisations-americaines-via-appliances-reseau-et-zero-days/
🌐 source : https://blog.polyswarm.io/brickstorm-targets-u.s.-tech-and-legal-sectors-with-stealthy-espionage
#BRICKSTORM #UNC5221 #Cyberveille
BRICKSTORM: a backdoor attributed to UNC5221 targets US organizations via network appliances and zero-days

According to PolySwarm (Threats and Vulnerabilities report), the BRICKSTORM backdoor, attributed to the UNC5221 threat cluster (China nexus), has been running an espionage campaign against US organizations in the legal, SaaS, BPO and technology sectors since March 2025. The operation focuses on the theft of intellectual property and sensitive emails, with an average dwell time of 393 days. The group targets network appliances that lack EDR, exploits zero-day vulnerabilities and employs anti-forensic techniques. It relies on the BRICKSTEAL (credential harvesting) and SLAYSTYLE (web shell) components, as well as on compromised credentials, for lateral movement and exfiltration.

CyberVeille

Google China-linked hackers (#UNC5221) are targeting US SaaS and tech firms using the new BRICKSTORM malware, exploiting zero-day flaws, Mandiant has found.

Read: https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/

#CyberSecurity #BRICKSTORM #0Day #InfoSec #APT #CyberAttack

China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
#Google warns #China-linked spies lurking in 'numerous' #enterprises
Since March, Google's #Mandiant #incidentresponse team has responded to these #UNC5221-related break-ins across legal, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology companies. They were found to deploy #backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days!
https://www.theregister.com/2025/09/24/google_china_spy_report/
Google warns China-linked spies lurking in 'numerous' enterprises since March

Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'

The Register
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
#BRICKSTORM #UNC5221
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog

BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.

Google Cloud Blog
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

China-linked APT exploits Ivanti EPMM flaws to target critical sectors across Europe, North America, and Asia-Pacific, according to EclecticIQ.

Security Affairs
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer.

"Infrastructure risks have also been prominent, w/vulnerabilities in ASUS routers & critical ICS devices from Schneider Electric & Yokogawa exposing sectors like #energy & manufacturing to..." digitalfrontierpartners.com.au/news/latest-... RU #APT29 Android #NFC China #UNC5221 #SNOWLIGHT #TONESHELL

Latest Sophisticated Attacks a...
Bluesky

Bluesky Social

[10:59] Chinese Brickstorm espionage malware discovered on Windows systems

Cybersecurity specialist Nviso has discovered a new variant of the Brickstorm malware. The malicious software is linked to the Chinese espionage group UNC5221...

https://www.computable.nl/2025/04/15/chinese-brickstorm-spionagemalware-ontdekt-op-windows-systemen/

#CybersecurityspecialistNvisoheefteennieuwe #vandeBrickstorm_malware #aande #UNC5221

👀 Freshly published analysis of BRICKSTORM backdoor samples, now on Windows, identified in a multi-year espionage campaign attributed to the PRC: https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor

#threatintel #backdoor #unc5221

NVISO analyzes BRICKSTORM espionage backdoor

BRICKSTORM is an espionage backdoor linked to China-nexus cluster UNC5221, targeting European industries since at least 2022.

NVISO