    From Mike Powell@1:2320/105 to All on Fri Dec 5 10:41:56 2025
    Chinese hackers used Brickworm malware to breach critical US infrastructure

    Date:
    Fri, 05 Dec 2025 13:30:00 +0000

    Description:
    CISA and friends are sounding the alarm, once again, for Chinese state-sponsored hackers

    FULL STORY

    Chinese state-sponsored threat actors have been using Brickworm malware
    against government organizations around the world - maintaining access, exfiltrating files, and eavesdropping.

    This is according to a joint report published by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA),
    and the Canadian Centre for Cyber Security. The report outlines how the
    malware operates based on the analysis of eight samples obtained from victim networks.

    In it, the agencies say PRC hackers are targeting government and
    information technology organizations, without detailing who the victims are
    or where they're located. Separately, CrowdStrike said it observed the malware being used against an Asia-Pacific government organization.

    Manipulating files

    To break into target networks, the threat actors would go for VMware vSphere and Windows systems.

    "At the victim organization where CISA conducted an incident response engagement, PRC state-sponsored cyber actors gained long-term persistent
    access to the organization's internal network in April 2024 and uploaded BRICKSTORM malware to an internal VMware vCenter server," CISA stressed. It
    then added that the crooks went for Active Directory:

    "They also gained access to two domain controllers and an Active Directory Federation Services (ADFS) server. They successfully compromised the ADFS server and exported cryptographic keys."

    Besides being able to maintain stealthy access, Brickworm also allowed them
    to access and manipulate all of the files on the devices. In some cases, they were able to move laterally throughout the network, compromising even more devices.

    For CISA Acting Director Madhu Gottumukkala, the report underscores "the grave threats posed by the People's Republic of China that create ongoing cybersecurity exposures and costs to the United States, our allies and the critical infrastructure we all depend on."

    "These state-sponsored actors are not just infiltrating networks - they are embedding themselves to enable long-term access, disruption, and potential sabotage," he said.

    China has been blamed for countless high-profile cyberattacks against Western countries over the years. It has been accused of going after telecommunications providers, critical infrastructure, and government
    entities - interested in cyber-espionage and potential disruption. In some cases, the attacks were planned and carried out years in advance, as part of possible preparation for a future war effort against Taiwan.

    The country's representatives, however, have always vehemently denied all accusations, instead describing the US as "the biggest cyber-bully in the
    world."

    Via The Record

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/chinese-hackers-used-brickworm-malware-to-breach-critical-us-infrastructure

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)