All CISA Advisories, EN

BRICKSTORM Backdoor

2025-12-04 18:12

Malware Analysis at a Glance
Executive Summary	The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) assess People’s Republic of China (PRC) state-sponsored cyber actors are using BRICKSTORM malware for long-term persistence on victim systems. CISA, NSA, and Cyber Centre are releasing this Malware Analysis Report to share indicators of compromise (IOCs) and detection signatures based off analysis of eight BRICKSTORM samples. CISA, NSA, and Cyber Centre urge organizations to use the IOCs and detection signatures to identify BRICKSTORM malware samples.
Key Actions	Use the IOCs and detection signatures to identify BRICKSTORM samples. If BRICKSTORM, similar malware, or potentially related activity is detected, report the incident to CISA, Cyber Centre, or required authorities immediately.
Indicators of Compromise	For a downloadable copy of IOCs associated with this malware, see: MAR-251165.c1.v1.CLEAR.
Detection	This malware analysis report includes YARA and Sigma rules. For a downloadable copy of the Sigma rules associated with this malware, see: AR25-338A Sigma YAML.
Intended Audience	Organizations: Government and critical infrastructure organizations. Roles: Digital forensics analysts, incident responders, vulnerability analysts, This article has been indexed from All CISA Advisories Read the original article: BRICKSTORM Backdoor Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: All CISA Advisories EN Post navigation ← Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments, Apps PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts GRC Automation Becomes Essential as Compliance Demands Accelerate December 4, 2025 ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm December 4, 2025 IT Security News Hourly Summary 2025-12-04 18h : 8 posts December 4, 2025 Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack December 4, 2025 AT&T Extends Deadline for Data Breach Settlement Claims December 4, 2025 CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks December 4, 2025 New SVG Clickjacking Attack Let Attackers Create Interactive Clickjacking Attacks December 4, 2025 UK Crime Agency Uncovers Money Laundering Network That Bought Kyrgyzstan Bank to Move Ransom Payments to Russia December 4, 2025 Tor Network to Roll Out New Encryption Algorithm in Major Security Upgrade December 4, 2025 Gainsight Breach Spread into Salesforce Environments; Scope Under Investigation December 4, 2025 CISA and International Partners Issue Guidance for Secure AI in Infrastructure December 4, 2025 Wordfence Intelligence Weekly WordPress Vulnerability Report (November 24, 2025 to November 30, 2025) December 4, 2025 CISA, NSA and Cyber Centre Warn Critical Infrastructure of BRICKSTORM Malware Used by People’s Republic of China State-Sponsored Actors December 4, 2025 Defend Against the Latest Cyber Threats with AI Security and Expanded Zero Trust for Hybrid Mesh Cloud and On-Prem Firewalls December 4, 2025 Protect Your Digital Life with a 5-Year iProVPN Plan for $20 December 4, 2025 PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems December 4, 2025 BRICKSTORM Backdoor December 4, 2025 Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments, Apps December 4, 2025 Critical vulnerabilities found in React and Next.js December 4, 2025 Lawmakers question White House on strategy for countering AI-fueled hacks December 4, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}