This is your Dragon's Code: America Under Cyber Siege podcast.
Hey listeners, Ting here. Let’s jack straight into Dragon’s Code: America Under Cyber Siege.
This week’s headline act is a Chinese state‑sponsored campaign built around a malware family U.S. and Canadian agencies are calling Brickstorm. According to the joint advisory from CISA, NSA, and the Canadian Centre for Cyber Security, these operators have been quietly living inside critical infrastructure and IT providers for months, sometimes years, without tripping alarms. Reuters reporting on the advisory says one victim was compromised in April 2024 and the access was still live on September 3rd, 2025. That is nation‑state patience.
Methodology first, because that’s the fun part. The Brickstorm crews are breaking in through vulnerable virtualization stacks, especially Broadcom VMware vSphere, the software that runs fleets of virtual machines in data centers. Once they get a toehold on a hypervisor, they deploy Brickstorm to harvest credentials, pivot laterally, and then sink deep hooks for persistence. Think stolen admin passwords, tampered logs, and backdoored management interfaces that let them effectively “own” every guest system on that host. A Broadcom spokesperson has already urged customers to patch aggressively and lock down vSphere management planes.
What’s getting hit? The joint advisory describes “government services and information technology entities,” but the real worry in Washington is the downstream blast radius into critical infrastructure: power grid operators whose control systems run on virtualized servers, hospitals whose electronic medical record systems share those same hypervisors, and logistics providers whose OT gateways sit one misconfigured VLAN away. Homeland Security Today’s coverage of the advisory frames it bluntly as a warning to critical infrastructure owners, not just generic IT shops.
On attribution, CISA acting director Madhu Gottumukkala says these are Chinese state‑sponsored operators embedding themselves for “long‑term access, disruption, and potential sabotage.” Analysts point to tool overlap with earlier PRC campaigns, infrastructure patterns consistent with known Chinese clusters, and the strategic targeting of platforms that underpin national‑level services. Beijing’s embassy in Washington, through spokesperson Liu Pengyu, has denied everything, insisting China does not encourage or support cyber attacks and accusing the U.S. and Canada of making “irresponsible assertions” without evidence. Classic diplomatic duel: technical indicators on one side, political denials on the other.
Defensive moves have come fast. CISA has pushed out hardening guidance for VMware vSphere, pushed sector‑wide alerts, and tied this to its broader critical infrastructure push. At the same time, the new Trump administration’s upcoming six‑pillar national cybersecurity strategy, previewed by National Cyber Director Sean Cairncross at the Aspen Cyber Summit, is lea
This content was created in partnership with, and with the help of, artificial intelligence (AI).