Brickstorm malware variant targets Windows systems

Concerns about Chinese spying grow after link to UNC5221 is found
16 April 2025

A European cyber security firm, Nviso, has discovered a new variant of the Brickstorm malware that targets Windows systems. This malicious software is linked to the Chinese spy group UNC5221 and aims to steal sensitive information from Western companies by creating secret access points within their networks.

While Mandiant (a subsidiary of Google) previously discovered Brickstorm on Linux architectures, Nviso’s incident response team made the groundbreaking discovery of its presence on Windows systems. In at least one case, the malware had been active undetected for several years.

China’s focus on espionage is consistent with its national strategy of strengthening its economy. Advanced Chinese threat actors such as UNC5221 specifically target the intellectual property and trade secrets of strategically important Western companies.

UNC5221 uses advanced techniques to discreetly infiltrate networks and remain undetected for extended periods of time. They use a combination of zero-day vulnerabilities and “backdoors” like the Brickstorm malware. This malicious software installs a virtually invisible access point within a company’s IT infrastructure, giving attackers persistent and covert access to specific areas or even the entire network, depending on the privileges gained.

Using existing IT structures and legitimate tools, these attackers move almost invisibly through corporate networks, often going undetected for long periods of time. This allows them to access sensitive information such as research data, new product developments, strategic business plans and military intelligence, which is then used by the Chinese state for commercial or military purposes.

Nviso highlights the alarming implications of this discovery. “Given the methodology of UNC5221, we suspect that this malware may be more widespread than currently known,” warns Michel Coene, partner in Nviso’s incident response team. He highlights their sophisticated approach: penetrate systems through unknown vulnerabilities (zero-days), operate discreetly and mimic the activities of IT teams. They even use legitimate cloud services such as Cloudflare and encrypt network communications to remain hidden.

The discovery of Brickstorm’s presence on Windows infrastructure underscores the possibility of widespread impact. Nviso has compiled a detailed report to help companies detect Brickstorm and strengthen their network security, particularly on Windows systems. They urge all organisations to review this information immediately.

Business AM
