China's Cyber Ninjas: Brickstorm Malware Sneaks Past US Defenses for Espionage Bonanza episode artwork

EPISODE · Sep 24, 2025 · 4 MIN

China's Cyber Ninjas: Brickstorm Malware Sneaks Past US Defenses for Espionage Bonanza

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here on Digital Dragon Watch: Weekly China Cyber Alert, dropping straight into the wild seven-day cyber ride. No slow roll—let’s hit the core breach that’s new, sizzling, and dangerously sophisticated. Right now, China-linked hacker groups are running deep and rampant inside major US software firms, law offices, and tech providers. Mandiant, Google’s top-tier threat intelligence crew, revealed that suspected operatives, mostly tracked as UNC5221 and the infamous RedNovember—also known as Storm-2077 by Microsoft—have breached networks for over a year in some cases. Yeah, a whole year. Imagine your office fridge thief never leaving and grabbing much more than lunch leftovers. Their latest trick: stealthy malware, including this beast called Brickstorm. It works like a digital ninja, installing sneaky Java Servlet filters in places like VMware’s vCenter web servers, all in-memory for max stealth. They’re scooping up login credentials, rifling through developer and legal emails, and sucking up proprietary software source code to hunt for undisclosed vulnerabilities—prime ammo for future attacks that haven’t even been dreamt up yet. Targets this week are no longer just the usual suspects. Besides tech and SaaS firms, legal services—especially those helping clients wrangle high-stakes trade and national security disputes—have been hammered. Real-world example: Wiley Rein, a Washington, DC-based law firm, saw attorneys’ email breached over the summer. Chinese operatives set up shop using Microsoft Entra ID privileges—mail.read, full_access_as_app—you get the vibe: total mailbox espionage. Now let’s talk scale. Brickstorm and its kin have been so careful, even security veterans are stunned. We’re talking an average “dwell time” close to 400 days before anyone even smells something fishy. In many cases, the hackers erase evidence, so organizations are discovering compromised backup images months after the fact. Charles Carmakal, Mandiant’s CTO, flat-out warns: many more victims simply don’t know they’ve been targeted yet. US government response? FBI cyber teams are on red alert. They’re investigating actively and working across both law enforcement and the private sector. The agency encourages anyone suspicious to reach out quickly. Meanwhile, Congress is getting serious: new bipartisan measures like the Cybersecurity in Agriculture Act aim to defend agricultural infrastructure, with plans for regional security centers and R&D against threats from China and other adversaries. Expert recommendations are clear and urgent. Organizations must: Invest in proactive threat hunting tools—Google and Mandiant now offer utilities to help detect Brickstorm and UNC5221 group activity. Harden defenses on systems like VMware vCenter, ESXi hosts, and all endpoints that can’t run standard detection tools. Audit Microsoft Entra ID app privileges and mail access scopes. Assume em This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here on Digital Dragon Watch: Weekly China Cyber Alert, dropping straight into the wild seven-day cyber ride. No slow roll—let’s hit the core breach that’s new, sizzling, and dangerously sophisticated. Right now, China-linked hacker groups are running deep and rampant inside major US software firms, law offices, and tech providers. Mandiant, Google’s top-tier threat intelligence crew, revealed that suspected operatives, mostly tracked as UNC5221 and the infamous RedNovember—also known as Storm-2077 by Microsoft—have breached networks for over a year in some cases. Yeah, a whole year. Imagine your office fridge thief never leaving and grabbing much more than lunch leftovers. Their latest trick: stealthy malware, including this beast called Brickstorm. It works like a digital ninja, installing sneaky Java Servlet filters in places like VMware’s vCenter web servers, all in-memory for max stealth. They’re scooping up login credentials, rifling through developer and legal emails, and sucking up proprietary software source code to hunt for undisclosed vulnerabilities—prime ammo for future attacks that haven’t even been dreamt up yet. Targets this week are no longer just the usual suspects. Besides tech and SaaS firms, legal services—especially those helping clients wrangle high-stakes trade and national security disputes—have been hammered. Real-world example: Wiley Rein, a Washington, DC-based law firm, saw attorneys’ email breached over the summer. Chinese operatives set up shop using Microsoft Entra ID privileges—mail.read, full_access_as_app—you get the vibe: total mailbox espionage. Now let’s talk scale. Brickstorm and its kin have been so careful, even security veterans are stunned. We’re talking an average “dwell time” close to 400 days before anyone even smells something fishy. In many cases, the hackers erase evidence, so organizations are discovering compromised backup images months after the fact. Charles Carmakal, Mandiant’s CTO, flat-out warns: many more victims simply don’t know they’ve been targeted yet. US government response? FBI cyber teams are on red alert. They’re investigating actively and working across both law enforcement and the private sector. The agency encourages anyone suspicious to reach out quickly. Meanwhile, Congress is getting serious: new bipartisan measures like the Cybersecurity in Agriculture Act aim to defend agricultural infrastructure, with plans for regional security centers and R&D against threats from China and other adversaries. Expert recommendations are clear and urgent. Organizations must: Invest in proactive threat hunting tools—Google and Mandiant now offer utilities to help detect Brickstorm and UNC5221 group activity. Harden defenses on systems like VMware vCenter, ESXi hosts, and all endpoints that can’t run standard detection tools. Audit Microsoft Entra ID app privileges and mail access scopes. Assume em This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

China's Cyber Ninjas: Brickstorm Malware Sneaks Past US Defenses for Espionage Bonanza

0:00 4:17

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 4 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on September 24, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here on Digital Dragon Watch: Weekly China Cyber Alert, dropping straight into the wild seven-day cyber ride. No slow roll—let’s hit the core breach that’s...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!