Digital Dragon Watch: Weekly China Cyber Alert

China's Cyber Ninjas: Brickstorm Malware Sneaks Past US Defenses for Espionage Bonanza


This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here on Digital Dragon Watch: Weekly China Cyber Alert, dropping straight into the wild seven-day cyber ride. No slow roll—let’s hit the core breach that’s new, sizzling, and dangerously sophisticated.

Right now, China-linked hacker groups are running deep and rampant inside major US software firms, law offices, and tech providers. Mandiant, Google’s top-tier threat intelligence crew, revealed that suspected operatives, mostly tracked as UNC5221 and the infamous RedNovember—also known as Storm-2077 by Microsoft—have breached networks for over a year in some cases. Yeah, a whole year. Imagine your office fridge thief never leaving and grabbing much more than lunch leftovers.

Their latest trick: stealthy malware, including this beast called Brickstorm. It works like a digital ninja, installing sneaky Java Servlet filters in places like VMware’s vCenter web servers, all in-memory for max stealth. They’re scooping up login credentials, rifling through developer and legal emails, and sucking up proprietary software source code to hunt for undisclosed vulnerabilities—prime ammo for future attacks that haven’t even been dreamt up yet.

Targets this week are no longer just the usual suspects. Besides tech and SaaS firms, legal services—especially those helping clients wrangle high-stakes trade and national security disputes—have been hammered. Real-world example: Wiley Rein, a Washington, DC-based law firm, saw attorneys’ email breached over the summer. Chinese operatives set up shop using Microsoft Entra ID privileges—mail.read, full_access_as_app—you get the vibe: total mailbox espionage.

Now let’s talk scale. Brickstorm and its kin have been so careful, even security veterans are stunned. We’re talking an average “dwell time” close to 400 days before anyone even smells something fishy. In many cases, the hackers erase evidence, so organizations are discovering compromised backup images months after the fact. Charles Carmakal, Mandiant’s CTO, flat-out warns: many more victims simply don’t know they’ve been targeted yet.

US government response? FBI cyber teams are on red alert. They’re investigating actively and working across both law enforcement and the private sector. The agency encourages anyone suspicious to reach out quickly. Meanwhile, Congress is getting serious: new bipartisan measures like the Cybersecurity in Agriculture Act aim to defend agricultural infrastructure, with plans for regional security centers and R&D against threats from China and other adversaries.

Expert recommendations are clear and urgent. Organizations must:
Invest in proactive threat hunting tools—Google and Mandiant now offer utilities to help detect Brickstorm and UNC5221 group activity.
Harden defenses on systems like VMware vCenter, ESXi hosts, and all endpoints that can’t run standard detection tools.
Audit Microsoft Entra ID app privileges and mail access scopes. Assume email systems—especially for key personnel—are prime targets.
Quickly review your backup images for historic malware, not just live attacks. Retrospective analysis is huge—these attackers love to cover their tracks.
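One way to carry out the Entra ID audit in the list above, written as an added example for this page rather than tooling from Google, Mandiant or the podcast: it scans an app-permission export for the mail scopes the episode names (Mail.Read, full_access_as_app) and flags any that are granted tenant-wide. The export format, the app names and the `restricted_apps` set are assumptions.

```python
"""Flag high-risk mailbox permissions in an Entra ID app-permission export.

Added example, not Mandiant's or Google's tooling. The input format is an
assumption: a list of dicts with the app's display name, the resource API it
targets, and the application-permission names granted to it (a shape you
would build yourself from an Entra ID / Microsoft Graph export).
"""
from dataclasses import dataclass

# Permission names the episode calls out (Mail.Read on Microsoft Graph,
# full_access_as_app on Exchange Online) plus the other mail scopes that give
# the same tenant-wide mailbox reach. Matching is case-insensitive.
MAIL_SCOPES = {"mail.read", "mail.readwrite", "mail.send", "full_access_as_app"}


@dataclass(frozen=True)
class Finding:
    app: str
    resource: str
    permission: str
    tenant_wide: bool  # application permission with no mailbox restriction


def audit_mail_scopes(grants, restricted_apps=frozenset()):
    """Return a Finding for every mail scope granted as an application
    permission. `restricted_apps` names apps already limited by an Exchange
    application access policy (assumption: tracked outside this export)."""
    findings = []
    for g in grants:
        for perm in g.get("app_permissions", []):
            if perm.lower() in MAIL_SCOPES:
                findings.append(Finding(
                    app=g["app"], resource=g["resource"], permission=perm,
                    tenant_wide=g["app"] not in restricted_apps))
    return findings


# Constructed sample export: the first entry mirrors the grant pattern the
# episode describes, the second is a benign app, the third is policy-scoped.
SAMPLE_GRANTS = [
    {"app": "legal-archive-sync", "resource": "Microsoft Graph",
     "app_permissions": ["Mail.Read", "User.Read.All"]},
    {"app": "hr-portal", "resource": "Microsoft Graph",
     "app_permissions": ["User.Read.All"]},
    {"app": "ediscovery-export", "resource": "Office 365 Exchange Online",
     "app_permissions": ["full_access_as_app"]},
]

if __name__ == "__main__":
    for f in audit_mail_scopes(SAMPLE_GRANTS, restricted_apps={"ediscovery-export"}):
        scope = "TENANT-WIDE" if f.tenant_wide else "policy-restricted"
        print(f"{f.app}: {f.permission} on {f.resource} [{scope}]")
```

Any finding marked tenant-wide is one to justify or revoke, since the episode's point is that those grants are exactly what the intruders used for mailbox access.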

Let’s not forget: Beijing publicly denies all US hacking allegations and fires back with accusations of American cyberattacks. But law enforcement isn’t letting up. Italian police even arrested a Chinese national linked to vaccine research theft—one of the first confirmed intelligence-linked hackers snagged outside the US.

That wraps this week’s Digital Dragon chase. Thanks for tuning in. Be sure to subscribe for your next dose of Ting’s witty cyber wisdom. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more http://www.quietplease.ai


This content was created in partnership and with the help of Artificial Intelligence AI

Digital Dragon Watch: Weekly China Cyber Alert, by Inception Point Ai