
CISA Releases New Indicators of Compromise Tied to BRICKSTORM Malware

BRICKSTORM is a sophisticated backdoor malware attributed to People’s Republic of China (PRC) state-sponsored cyber actors, who have been using it to maintain long-term persistence on compromised systems.

The malware primarily targets organizations in the Government Services and Facilities sector and the Information Technology sector, with a particular focus on VMware vSphere environments, including VMware vCenter servers and VMware ESXi platforms.

The malware represents a significant threat due to its advanced capabilities. BRICKSTORM is custom-built in Go or Rust and operates as an Executable and Linkable Format (ELF) backdoor.

The malware uses multiple layers of encryption, including HTTPS, WebSockets, and nested Transport Layer Security (TLS), to conceal communications with command-and-control servers.
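The layering described above (a TLS session carried inside WebSocket frames, which are themselves carried over HTTPS) is something a defender can look for once the outer HTTPS has been terminated at an inspecting proxy. The following is an added example, not code from CISA or from the referenced article: it parses a WebSocket frame per RFC 6455 and flags a binary frame whose payload begins with a TLS ClientHello record. The frame bytes and the ClientHello-shaped payload are constructed, and the assumption that the inner TLS handshake starts at a frame boundary is mine, not something the post states.

```python
"""Heuristic detector for a TLS handshake tunnelled inside a WebSocket frame.

Added example (not CISA's or the article's code). All input below is
constructed: the frames are built locally, not captured from real traffic.
"""
import struct
from typing import Optional, Tuple

WS_OPCODE_TEXT = 0x1
WS_OPCODE_BINARY = 0x2
TLS_CONTENT_HANDSHAKE = 0x16
TLS_HANDSHAKE_CLIENT_HELLO = 0x01


def parse_ws_frame(frame: bytes) -> Tuple[int, bytes]:
    """Return (opcode, payload) for one complete RFC 6455 frame.

    Handles 7-bit, 16-bit and 64-bit payload lengths and unmasks the payload
    when the MASK bit is set. Raises ValueError on a short or truncated frame.
    """
    if len(frame) < 2:
        raise ValueError("frame too short")
    opcode = frame[0] & 0x0F
    masked = bool(frame[1] & 0x80)
    length = frame[1] & 0x7F
    pos = 2
    if length == 126:
        length = struct.unpack(">H", frame[pos:pos + 2])[0]
        pos += 2
    elif length == 127:
        length = struct.unpack(">Q", frame[pos:pos + 8])[0]
        pos += 8
    key = b""
    if masked:
        key = frame[pos:pos + 4]
        pos += 4
    payload = frame[pos:pos + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if masked:
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return opcode, payload


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if payload starts with a TLS record header (type 0x16, version
    0x03 0x01..0x04, 2-byte length) whose first handshake byte is ClientHello."""
    if len(payload) < 6:
        return False
    if payload[0] != TLS_CONTENT_HANDSHAKE:
        return False
    if payload[1] != 0x03 or not (1 <= payload[2] <= 4):
        return False
    record_len = struct.unpack(">H", payload[3:5])[0]
    return record_len > 0 and payload[5] == TLS_HANDSHAKE_CLIENT_HELLO


def nested_tls_in_frame(frame: bytes) -> bool:
    """Flag a binary WebSocket frame that opens with a TLS ClientHello.
    Text frames are never flagged: a tunnelled TLS stream is binary."""
    opcode, payload = parse_ws_frame(frame)
    return opcode == WS_OPCODE_BINARY and looks_like_tls_client_hello(payload)


def build_ws_frame(payload: bytes, opcode: int = WS_OPCODE_BINARY,
                   mask_key: Optional[bytes] = None) -> bytes:
    """Build a single FIN frame; used here only to construct sample input."""
    header = bytearray([0x80 | opcode])
    mask_bit = 0x80 if mask_key else 0x00
    n = len(payload)
    if n < 126:
        header.append(mask_bit | n)
    elif n < 65536:
        header.append(mask_bit | 126)
        header += struct.pack(">H", n)
    else:
        header.append(mask_bit | 127)
        header += struct.pack(">Q", n)
    if mask_key:
        header += mask_key
        payload = bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
    return bytes(header) + payload


# Constructed payload shaped like the start of a TLS 1.0-record ClientHello:
# record type 0x16, version 3.1, record length 5, handshake type 0x01.
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
# Client-to-server frames are masked per RFC 6455; key is constructed.
SAMPLE_TUNNELLED_FRAME = build_ws_frame(SAMPLE_CLIENT_HELLO,
                                        mask_key=b"\x0a\x0b\x0c\x0d")
SAMPLE_TEXT_FRAME = build_ws_frame(b"hello", opcode=WS_OPCODE_TEXT)

if __name__ == "__main__":
    print("tunnelled TLS frame flagged:", nested_tls_in_frame(SAMPLE_TUNNELLED_FRAME))
    print("plain text frame flagged:", nested_tls_in_frame(SAMPLE_TEXT_FRAME))
```

The check is deliberately narrow: it only fires when the inner handshake begins at a frame boundary, so a stream whose ClientHello straddles two frames would need reassembly first, and ordinary binary WebSocket applications whose first bytes happen to match a TLS record header will produce false positives that should be confirmed against the destination and the rest of the session.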

To read the complete article, see: https://cybersecuritynews.com/cisa-releases-indicators-of-compromise-tied-to-brickstorm-malware/

This post is licensed under CC BY 4.0 by the author.