BRICKSTORM: A new data-stealing malware targeting VMware vCenter

515/68 Tuesday, December 9, 2025

Cybersecurity agencies have issued a warning about BRICKSTORM, an advanced backdoor malware written in Go, which is designed to target government entities and IT industry organizations. Reports indicate that state-sponsored threat actors have been using this tool to infiltrate networks and maintain long-term persistence for espionage operations, with activity observed continuously from April 2024 to the present.

BRICKSTORM specifically targets virtualization management platforms such as VMware vSphere and vCenter, rather than traditional operating systems or applications. Compromising these infrastructure-level systems enables attackers to bypass endpoint security mechanisms and gain control over virtualized resources. This includes stealing virtual machine snapshots to extract credentials, or creating hidden virtual machines within the environment to serve as bases for long-term espionage operations.

The malware is engineered for strong persistence, capable of reinstalling itself automatically if its process is terminated. It also uses multiple layers of encryption to conceal its communication with command-and-control (C2) servers. Experts warn that this type of attack reflects a growing trend of threat actors shifting toward targeting virtualization infrastructure. Organizations are advised to review and monitor systems for published indicators of compromise (IOCs) and closely watch high-privilege service accounts, which may be leveraged to expand attacks deeper into the network.
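The monitoring advice above can be turned into a simple review of vCenter activity, shown here as an added example that is not part of the original advisory. It flags snapshot, clone and VM-creation events performed by a service account outside its expected role, and new VMs that have no inventory record. The account names, record fields, baseline and inventory are constructed assumptions, and the event strings are modelled on vSphere event class and task names.

```python
# Constructed, simplified event records. Field names are assumptions; event
# strings are modelled on vSphere event class and task names.
SVC_BACKUP = "VSPHERE.LOCAL\\svc-backup"    # hypothetical account
SVC_MONITOR = "VSPHERE.LOCAL\\svc-monitor"  # hypothetical account
EVENTS = [
    {"time": "2025-12-01T02:00:11Z", "user": SVC_BACKUP, "event": "VirtualMachine.createSnapshot", "vm": "db01"},
    {"time": "2025-12-01T02:00:40Z", "user": SVC_BACKUP, "event": "UserLoginSessionEvent", "vm": None},
    {"time": "2025-12-02T03:17:52Z", "user": SVC_MONITOR, "event": "VirtualMachine.createSnapshot", "vm": "dc01"},
    {"time": "2025-12-02T03:21:09Z", "user": SVC_MONITOR, "event": "VmClonedEvent", "vm": "dc01-copy"},
    {"time": "2025-12-03T10:05:30Z", "user": "VSPHERE.LOCAL\\alice", "event": "VmCreatedEvent", "vm": "web01"},
]

# Assumed baseline: VM-level actions each service account is expected to perform.
BASELINE = {
    SVC_BACKUP: {"VirtualMachine.createSnapshot"},
    SVC_MONITOR: set(),
}
CREATES_VM = {"VmCreatedEvent", "VmClonedEvent"}
SENSITIVE = CREATES_VM | {"VirtualMachine.createSnapshot"}
APPROVED_VMS = {"db01", "dc01", "web01"}  # assumed export of the approved inventory


def review(events, baseline=BASELINE, approved=APPROVED_VMS):
    """Return (time, user, event, vm, reasons) for events that need review."""
    findings = []
    for e in events:
        if e["event"] not in SENSITIVE:
            continue
        reasons = []
        # A service account doing something outside its expected role.
        if e["user"] in baseline and e["event"] not in baseline[e["user"]]:
            reasons.append("service account outside baseline")
        # A VM that appeared without a matching inventory record.
        if e["event"] in CREATES_VM and e["vm"] not in approved:
            reasons.append("VM not in approved inventory")
        if reasons:
            findings.append((e["time"], e["user"], e["event"], e["vm"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review(EVENTS):
        print(finding)
```
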

Source https://hackread.com/chinese-state-hackers-brickstorm-vmware-systems/