- Chinese State-Sponsored Actors Deploy Brickstorm Malware to Infiltrate Government and IT Networks Worldwide
- The malware targets VMware vSphere and Windows, allowing persistence, file manipulation, and Active Directory compromise.
- CISA warns of long-term espionage and sabotage risks; China denies the accusations and calls the United States a “cyber bully.”
Chinese state-sponsored threat actors have been using Brickstorm malware against government organizations around the world, maintaining access, extracting files, and eavesdropping.
This is stated in a joint report published by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security. The report describes how the malware operates, based on the analysis of eight samples obtained from victims’ networks.
The report says that hackers from the People’s Republic of China are targeting “government and information technology” organizations, without detailing who the victims are or where they are located. Separately, CrowdStrike said it observed the malware being used against an Asia-Pacific government organization.
Manipulate files
To break into target networks, the threat actors targeted VMware vSphere and Windows systems.
“At the victim organization where CISA conducted an incident response engagement, PRC state-sponsored cyber actors gained long-term persistent access to the organization’s internal network in April 2024 and loaded BRICKSTORM malware on an internal VMware vCenter server,” CISA emphasized. The agency then added that the attackers went after Active Directory:
“They also gained access to two domain controllers and an Active Directory Federation Services (ADFS) server. They successfully compromised the ADFS server and exported cryptographic keys.”
In addition to maintaining stealthy access, Brickstorm also allowed them to access and manipulate all files on the compromised devices. In some cases, they were able to move laterally across the network, compromising even more devices.
For CISA acting director Madhu Gottumukkala, the report “underscores the serious threats posed by the People’s Republic of China that create continued cybersecurity exposures and costs for the United States, our allies, and the critical infrastructure on which we all depend.”
“These state-sponsored actors are not only infiltrating networks, they are becoming embedded to allow long-term access, disruption and potential sabotage,” he said.
China has been blamed for countless high-profile cyberattacks against Western countries over the years. It has been accused of targeting telecommunications providers, critical infrastructure, and government entities for cyberespionage and possible disruption. In some cases, the attacks were planned and carried out years in advance and were seen as groundwork for a possible future conflict over Taiwan.
The country’s representatives, however, have always vehemently denied all accusations and instead described the United States as the world’s biggest “cyber bully.”
Via The Record