
Just a sample of the Echomail archive


 Message 2032 
 Mike Powell to All 
 Chinese hackers used Bric 
 05 Dec 25 10:41:56 
 
TZUTC: -0500
MSGID: 1789.consprcy@1:2320/105 2d983a41
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Chinese hackers used Brickworm malware to breach critical US infrastructure

Date:
Fri, 05 Dec 2025 13:30:00 +0000

Description:
CISA and friends are sounding the alarm, once again, for Chinese
state-sponsored hackers

FULL STORY

Chinese state-sponsored threat actors have been using Brickworm malware
against government organizations around the world - maintaining access,
exfiltrating files, and eavesdropping. 

This is according to a joint report published by the US Cybersecurity and
Infrastructure Security Agency (CISA), the National Security Agency (NSA), 
and the Canadian Centre for Cyber Security. The report outlines how the
malware operates based on the analysis of eight samples obtained from victim
networks. 

In this, it was said that PRC hackers are targeting government and 
information technology organizations, without detailing who the victims are,
or where they're located. At the same time, Crowdstrike said it observed this
being used against an Asia-Pacific government organization. 

Manipulating files

To break into target networks, the threat actors would go for VMware vSphere
and Windows systems. 

"At the victim organization where CISA conducted an incident response
engagement, PRC state-sponsored cyber actors gained long-term persistent
access to the organization's internal network in April 2024 and uploaded
BRICKSTORM malware to an internal VMware vCenter server," CISA stressed. It
then added that the crooks went for Active Directory:

"They also gained access to two domain controllers and an Active Directory
Federation Services (ADFS) server. They successfully compromised the ADFS
server and exported cryptographic keys."

Besides being able to maintain stealthy access, Brickwork also allowed them 
to access and manipulate all of the files on the devices. In some cases, they
were able to move laterally throughout the network, compromising even more
devices. 

For CISA Acting Director Madhu Gottumukkala, the report underscores the grave
threats posed by the People's Republic of China that create ongoing
cybersecurity exposures and costs to the United States, our allies and the
critical infrastructure we all depend on. 

"These state-sponsored actors are not just infiltrating networks - they are
embedding themselves to enable long-term access, disruption, and potential
sabotage," he said.

China has been attributed with countless high-profile cyberattacks against
countries in the west, throughout the years. They were accused of going for
telecommunications providers, critical infrastructure, and government 
entities - interested in cyber-espionage and potential disruption. In some
cases, the attacks were planned and conducted years ago, and were part of
possible future war efforts against Taiwan. 

The country's representatives, however, always vehemently denied all
accusations, instead describing the US as the biggest cyber-bully in the
world. 

 Via The Record 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/chinese-hackers-used-brickworm-malware-to-breach-critical-us-infrastructure

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426



(c) 1994,  bbs@darkrealms.ca