martincidmagChinese hackers spent 18 months inside Microsoft 365 before anyone noticed
https://www.martincid.com/technology-sv/chinese-hackers-microsoft-365-18-months-2/
The New OilChinese #APT deploys new #malware to keep access to hacked networks
#China #cybersecurity #UNC5221 #Brickstorm #Planet #AgentPSD #VerdantBamboo
Daniel MarshUNC5221, a Chinese APT, isn't relying on one backdoor. They're building an "access portfolio" with new malware like Brickstorm and Plenet, exploiting zero-days and edge devices to maintain persistent access for over 18 months. This multi-malware strategy allows re-breaches, turning incident response into a resource drain. Discover their tactics and the real impact.
#cybersecurity #unc5221 #brickstorm
đ€ This post was AI-generated.
Analyst207Chinese APT Exploits New Malware to Prolong Network Access
A Chinese-linked espionage group, tracked as UNC5221 or VerdantBamboo, exploited new malware to secretly maintain access to US networks for over 18 months, evading detection by blending in with legitimate traffic. The attackers used a sophisticated backdoor called Brickstorm to prolong their stay undetected.
#ChineseApt #MalwareOperations #NationState #Unc5221 #Verdantbamboo
The Threat CodexBeyond the Battlefield: Threats to the Defense Industrial Base
#UNC3886 #UNC5221 #APT44 #TEMP.Vermin #UNC5125 #UNC5792 #UNC4221 #UNC5976 #UNC5114 #APT45 #APT43 #UNC2970 #UNC1549 #UNC6446 #APT5 #HeavenOfTheSlavs #APT1 #APT40 #VoltTyphoon #UNC6508 #UNC5203 #UNC5318
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base
#UNC3886 #UNC5221 #APT44 #TEMP.Vermin #UNC5125 #UNC5792 #UNC4221 #UNC5976 #UNC5114 #APT45 #APT43 #UNC2970 #UNC1549 #UNC6446 #APT5 #HeavenOfTheSlavs #APT1 #APT40 #VoltTyphoon #UNC6508 #UNC5203 #UNC5318
https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base
CyberVeille.chđą BRICKSTORM : une backdoor attribuĂ©e Ă UNC5221 cible des organisations amĂ©ricaines via appliances rĂ©seau et zero-days
đ Selon PolySwarm (rapport Threats and Vulne...
đ cyberveille : https://cyberveille.ch/posts/2025-10-05-brickstorm-une-backdoor-attribuee-a-unc5221-cible-des-organisations-americaines-via-appliances-reseau-et-zero-days/
đ source : https://blog.polyswarm.io/brickstorm-targets-u.s.-tech-and-legal-sectors-with-stealthy-espionage
#BRICKSTORM #UNC5221 #Cyberveille
đ Selon PolySwarm (rapport Threats and Vulne...
đ cyberveille : https://cyberveille.ch/posts/2025-10-05-brickstorm-une-backdoor-attribuee-a-unc5221-cible-des-organisations-americaines-via-appliances-reseau-et-zero-days/
đ source : https://blog.polyswarm.io/brickstorm-targets-u.s.-tech-and-legal-sectors-with-stealthy-espionage
#BRICKSTORM #UNC5221 #Cyberveille
BRICKSTORM : une backdoor attribuée à UNC5221 cible des organisations américaines via appliances réseau et zero-days
Selon PolySwarm (rapport Threats and Vulnerabilities), la backdoor BRICKSTORM, attribuĂ©e au cluster de menace UNC5221 (nexus Chine), mĂšne depuis mars 2025 une campagne dâespionnage contre des organisations amĂ©ricaines des secteurs juridique, SaaS, BPO et technologique. LâopĂ©ration met lâaccent sur le vol de propriĂ©tĂ© intellectuelle et dâemails sensibles, avec une durĂ©e de prĂ©sence moyenne de 393 jours. Le groupe cible des appliances rĂ©seau dĂ©pourvues dâEDR, exploite des vulnĂ©rabilitĂ©s zero-day et emploie des techniques anti-forensiques. Il sâappuie sur les composants BRICKSTEAL (rĂ©colte dâidentifiants) et SLAYSTYLE (web shell) ainsi que sur des identifiants compromis pour la mouvement latĂ©ral et lâexfiltration.
Hackread.comGoogle China-linked hackers (#UNC5221) are targeting US SaaS and tech firms using the new BRICKSTORM malware, exploiting zero-day flaws, Mandiant has found.
Read: https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/
Benjamin Carr, Ph.D. đšđ»âđ»đ§Ź#Google warns #China-linked spies lurking in 'numerous' #enterprises
Since March, Google's #Mandiant #incidentresponse team have responded to these #UNC5221-related break-ins across legal, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology companies. They were fount to deploy #backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days!
https://www.theregister.com/2025/09/24/google_china_spy_report/
Since March, Google's #Mandiant #incidentresponse team have responded to these #UNC5221-related break-ins across legal, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology companies. They were fount to deploy #backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days!
https://www.theregister.com/2025/09/24/google_china_spy_report/
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
#BRICKSTORM #UNC5221
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
#BRICKSTORM #UNC5221
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
securityaffairs#China-linked #APT #UNC5221 started exploiting #Ivanti #EPMM flaws shortly after their disclosure
https://securityaffairs.com/178285/apt/china-linked-apt-unc5221-started-exploiting-ivanti-epmm-flaws-shortly-after-their-disclosure.html
#securityaffairs #hacking #malware
https://securityaffairs.com/178285/apt/china-linked-apt-unc5221-started-exploiting-ivanti-epmm-flaws-shortly-after-their-disclosure.html
#securityaffairs #hacking #malware
