EPISODE · Dec 13, 2025 · 4 MIN
China's Cyber Spies Unleash BRICKSTORM Backdoor as US UK Sanctions Fly
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon’s been busy in the wires. Let’s start with the big one: BRICKSTORM. According to a joint malware analysis from CISA and Canada’s Cyber Centre, BRICKSTORM is a China‑sponsored backdoor designed for long‑term persistence in Windows environments, VMware vCenter, and ESXi, especially in information technology and government services networks. Analysts found it quietly riding alongside normal traffic, exfiltrating files, stealing cryptographic keys, and even self‑healing if defenders try to kill it. CrowdStrike ties BRICKSTORM to a China‑nexus crew dubbed WARP PANDA, with deep expertise in cloud and virtual machines, and at least eight victim organizations so far. While the technical teams publish indicators of compromise and detection signatures, the policy world is swinging its own hammer. The UK’s National Cyber Security Centre just sanctioned Sichuan Anxun Information Technology, better known as i‑Soon, and Integrity Technology Group for what London calls “reckless and indiscriminate cyberattacks” against more than 80 federal and private IT systems. Australia quickly backed the move. Both companies have already been sanctioned by the United States for supporting Chinese intelligence operations, including links to the espionage group Flax Typhoon. Beijing’s Foreign Ministry, via spokesperson Guo Jiakun, condemned the sanctions as politicized “disinformation” and demanded the UK “correct its wrong approach.” Zooming to another long‑running storm: Salt Typhoon. Cybernews and SentinelOne report that Yu Yang and Qiu Daibing, alleged Salt Typhoon operators, once competed in Cisco’s Networking Academy Cup before later co‑owning Beijing Huanyu Tianqiong, a firm repeatedly named in US and allied advisories as a front for hacking at least 80 global telecoms like Verizon, AT&T, T‑Mobile, Viasat, and Lumen. US officials allege Salt Typhoon has also breached a US state Army National Guard network and even US Treasury laptops, positioning itself for potential disruption of critical infrastructure if tensions with China escalate. Plans to sanction China’s Ministry of State Security over these intrusions have reportedly been put on hold to protect a fragile trade deal, raising hard questions about whether economic concerns are trumping cybersecurity. On the defensive side, Congress just moved a must‑pass defense authorization bill that supercharges US cyber posture. The package boosts US Cyber Command funding, locks in its tight partnership with NSA, mandates hardened mobile devices for senior officials, and forces the Pentagon to bake AI‑specific threats into mandatory cyber training. It also pushes for harmonized cybersecurity requirements across the defense industrial base and clearer rules for using commercial cloud enclaves for high‑risk systems. So what should you do? CISA’s BRICKSTORM guidance is blunt This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon’s been busy in the wires. Let’s start with the big one: BRICKSTORM. According to a joint malware analysis from CISA and Canada’s Cyber Centre, BRICKSTORM is a China‑sponsored backdoor designed for long‑term persistence in Windows environments, VMware vCenter, and ESXi, especially in information technology and government services networks. Analysts found it quietly riding alongside normal traffic, exfiltrating files, stealing cryptographic keys, and even self‑healing if defenders try to kill it. CrowdStrike ties BRICKSTORM to a China‑nexus crew dubbed WARP PANDA, with deep expertise in cloud and virtual machines, and at least eight victim organizations so far. While the technical teams publish indicators of compromise and detection signatures, the policy world is swinging its own hammer. The UK’s National Cyber Security Centre just sanctioned Sichuan Anxun Information Technology, better known as i‑Soon, and Integrity Technology Group for what London calls “reckless and indiscriminate cyberattacks” against more than 80 federal and private IT systems. Australia quickly backed the move. Both companies have already been sanctioned by the United States for supporting Chinese intelligence operations, including links to the espionage group Flax Typhoon. Beijing’s Foreign Ministry, via spokesperson Guo Jiakun, condemned the sanctions as politicized “disinformation” and demanded the UK “correct its wrong approach.” Zooming to another long‑running storm: Salt Typhoon. Cybernews and SentinelOne report that Yu Yang and Qiu Daibing, alleged Salt Typhoon operators, once competed in Cisco’s Networking Academy Cup before later co‑owning Beijing Huanyu Tianqiong, a firm repeatedly named in US and allied advisories as a front for hacking at least 80 global telecoms like Verizon, AT&T, T‑Mobile, Viasat, and Lumen. US officials allege Salt Typhoon has also breached a US state Army National Guard network and even US Treasury laptops, positioning itself for potential disruption of critical infrastructure if tensions with China escalate. Plans to sanction China’s Ministry of State Security over these intrusions have reportedly been put on hold to protect a fragile trade deal, raising hard questions about whether economic concerns are trumping cybersecurity. On the defensive side, Congress just moved a must‑pass defense authorization bill that supercharges US cyber posture. The package boosts US Cyber Command funding, locks in its tight partnership with NSA, mandates hardened mobile devices for senior officials, and forces the Pentagon to bake AI‑specific threats into mandatory cyber training. It also pushes for harmonized cybersecurity requirements across the defense industrial base and clearer rules for using commercial cloud enclaves for high‑risk systems. So what should you do? CISA’s BRICKSTORM guidance is blunt This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
China's Cyber Spies Unleash BRICKSTORM Backdoor as US UK Sanctions Fly
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.