Chinese state-linked hackers have been identified as the perpetrators of a sophisticated, long-term cyber espionage campaign targeting government and technology organizations in the United States and Canada. The operation used a stealthy backdoor malware known as Brickstorm to infiltrate networks built on the VMware vSphere cloud computing platform.

According to a joint cybersecurity advisory from U.S. and Canadian agencies, the hackers, sponsored by the People's Republic of China, successfully compromised their targets and established long-term persistent access to an unnamed victim's internal network. Once inside, the threat actors were able to steal login credentials, tamper with sensitive files, and create hidden, unauthorized virtual machines. This level of access gave them effective control over the compromised environments, often without detection.

The campaign is believed to have been active from at least April 2024 until September of this year. A detailed technical analysis of the Brickstorm malware was published, outlining eight distinct samples of the backdoor. The exact number of organizations targeted or successfully breached remains unclear.

The attack vector focused on the VMware vSphere platform, a widely used system for managing virtualized infrastructure. In response to the disclosures, Broadcom, the current owner of VMware, stated that it is aware of the allegations and continues to encourage all customers to apply the latest security patches to their systems promptly.

This incident highlights a growing trend of cyber threats aimed at critical cloud infrastructure. Earlier this year, Google's Threat Intelligence Group also published research on the same Brickstorm campaign. Its report urged organizations to reassess their security posture for network appliances and to proactively hunt for signs of compromise linked to these specific advanced threat actors.
The campaign underscores the persistent and advanced nature of state-sponsored cyber espionage, particularly focusing on cloud platforms that form the backbone of modern government and corporate IT operations. Security experts emphasize that robust patch management, vigilant network monitoring, and proactive threat hunting are essential defenses against such sophisticated intrusions.