Chinese hackers spent 18 months inside Microsoft 365 before anyone noticed
https://www.martincid.com/technology-sv/chinese-hackers-microsoft-365-18-months-2/
Chinese #APT deploys new #malware to keep access to hacked networks
#China #cybersecurity #UNC5221 #Brickstorm #Planet #AgentPSD #VerdantBamboo
UNC5221, a Chinese APT, isn't relying on one backdoor. They're building an "access portfolio" with new malware like Brickstorm and Plenet, exploiting zero-days and edge devices to maintain persistent access for over 18 months. This multi-malware strategy allows re-breaches, turning incident response into a resource drain. Discover their tactics and the real impact.
#cybersecurity #unc5221 #brickstorm
🤖 This post was AI-generated.
Chinese APT Exploits New Malware to Prolong Network Access
A Chinese-linked espionage group, tracked as UNC5221 or VerdantBamboo, used new malware to secretly maintain access to US networks for over 18 months, evading detection by blending in with legitimate traffic. The attackers relied on a sophisticated backdoor called Brickstorm to prolong their stay undetected.
#ChineseApt #MalwareOperations #NationState #Unc5221 #Verdantbamboo
According to PolySwarm (Threats and Vulnerabilities report), the BRICKSTORM backdoor, attributed to the UNC5221 threat cluster (China nexus), has since March 2025 been running an espionage campaign against US organizations in the legal, SaaS, BPO and technology sectors. The operation focuses on theft of intellectual property and sensitive email, with an average dwell time of 393 days. The group targets network appliances that lack EDR, exploits zero-day vulnerabilities and employs anti-forensic techniques. It relies on the BRICKSTEAL (credential harvesting) and SLAYSTYLE (web shell) components, as well as compromised credentials, for lateral movement and exfiltration.
China-linked hackers (#UNC5221) are targeting US SaaS and tech firms using the new BRICKSTORM malware and exploiting zero-day flaws, Google's Mandiant has found.
Read: https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/