
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,032 of 2,445   
   Mike Powell to All   
   Chinese hackers used Bric   
   05 Dec 25 10:41:56   
   
   TZUTC: -0500   
   MSGID: 1789.consprcy@1:2320/105 2d983a41   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Chinese hackers used Brickworm malware to breach critical US infrastructure   
      
   Date:   
   Fri, 05 Dec 2025 13:30:00 +0000   
      
   Description:   
   CISA and friends are sounding the alarm, once again, for Chinese   
   state-sponsored hackers   
      
   FULL STORY   
      
   Chinese state-sponsored threat actors have been using Brickworm malware   
   against government organizations around the world - maintaining access,   
   exfiltrating files, and eavesdropping.    
      
   This is according to a joint report published by the US Cybersecurity and   
   Infrastructure Security Agency (CISA), the National Security Agency (NSA),    
   and the Canadian Centre for Cyber Security. The report outlines how the   
   malware operates based on the analysis of eight samples obtained from victim   
   networks.    
      
   In this, it was said that PRC hackers are targeting government and    
   information technology organizations, without detailing who the victims are,   
   or where they're located. At the same time, Crowdstrike said it observed this   
   being used against an Asia-Pacific government organization.    
      
   Manipulating files   
      
   To break into target networks, the threat actors would go for VMware vSphere   
   and Windows systems.    
      
   "At the victim organization where CISA conducted an incident response   
   engagement, PRC state-sponsored cyber actors gained long-term persistent   
   access to the organization's internal network in April 2024 and uploaded   
   BRICKSTORM malware to an internal VMware vCenter server," CISA stressed. It   
   then added that the crooks went for Active Directory:    
      
   "They also gained access to two domain controllers and an Active Directory   
   Federation Services (ADFS) server. They successfully compromised the ADFS   
   server and exported cryptographic keys."    
      
   Besides being able to maintain stealthy access, Brickwork also allowed them    
   to access and manipulate all of the files on the devices. In some cases, they   
   were able to move laterally throughout the network, compromising even more   
   devices.    
      
   For CISA Acting Director Madhu Gottumukkala, the report underscores the grave   
   threats posed by the People's Republic of China that create ongoing   
   cybersecurity exposures and costs to the United States, our allies and the   
   critical infrastructure we all depend on.    
      
   "These state-sponsored actors are not just infiltrating networks - they are   
   embedding themselves to enable long-term access, disruption, and potential   
   sabotage," he said.    
      
   China has been attributed with countless high-profile cyberattacks against   
   countries in the west, throughout the years. They were accused of going for   
   telecommunications providers, critical infrastructure, and government    
   entities - interested in cyber-espionage and potential disruption. In some   
   cases, the attacks were planned and conducted years ago, and were part of   
   possible future war efforts against Taiwan.    
      
   The country's representatives, however, always vehemently denied all   
   accusations, instead describing the US as the biggest cyber-bully in the   
   world.    
      
    Via The Record    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/chinese-hackers-used-brickworm-malware-to-breach-critical-us-infrastructure   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca