China's Cyber Spies Unleash BRICKSTORM Backdoor as US UK Sanctions Fly episode artwork

EPISODE · Dec 13, 2025 · 4 MIN

China's Cyber Spies Unleash BRICKSTORM Backdoor as US UK Sanctions Fly

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon’s been busy in the wires. Let’s start with the big one: BRICKSTORM. According to a joint malware analysis from CISA and Canada’s Cyber Centre, BRICKSTORM is a China‑sponsored backdoor designed for long‑term persistence in Windows environments, VMware vCenter, and ESXi, especially in information technology and government services networks. Analysts found it quietly riding alongside normal traffic, exfiltrating files, stealing cryptographic keys, and even self‑healing if defenders try to kill it. CrowdStrike ties BRICKSTORM to a China‑nexus crew dubbed WARP PANDA, with deep expertise in cloud and virtual machines, and at least eight victim organizations so far. While the technical teams publish indicators of compromise and detection signatures, the policy world is swinging its own hammer. The UK’s National Cyber Security Centre just sanctioned Sichuan Anxun Information Technology, better known as i‑Soon, and Integrity Technology Group for what London calls “reckless and indiscriminate cyberattacks” against more than 80 federal and private IT systems. Australia quickly backed the move. Both companies have already been sanctioned by the United States for supporting Chinese intelligence operations, including links to the espionage group Flax Typhoon. Beijing’s Foreign Ministry, via spokesperson Guo Jiakun, condemned the sanctions as politicized “disinformation” and demanded the UK “correct its wrong approach.” Zooming to another long‑running storm: Salt Typhoon. Cybernews and SentinelOne report that Yu Yang and Qiu Daibing, alleged Salt Typhoon operators, once competed in Cisco’s Networking Academy Cup before later co‑owning Beijing Huanyu Tianqiong, a firm repeatedly named in US and allied advisories as a front for hacking at least 80 global telecoms like Verizon, AT&T, T‑Mobile, Viasat, and Lumen. US officials allege Salt Typhoon has also breached a US state Army National Guard network and even US Treasury laptops, positioning itself for potential disruption of critical infrastructure if tensions with China escalate. Plans to sanction China’s Ministry of State Security over these intrusions have reportedly been put on hold to protect a fragile trade deal, raising hard questions about whether economic concerns are trumping cybersecurity. On the defensive side, Congress just moved a must‑pass defense authorization bill that supercharges US cyber posture. The package boosts US Cyber Command funding, locks in its tight partnership with NSA, mandates hardened mobile devices for senior officials, and forces the Pentagon to bake AI‑specific threats into mandatory cyber training. It also pushes for harmonized cybersecurity requirements across the defense industrial base and clearer rules for using commercial cloud enclaves for high‑risk systems. So what should you do? CISA’s BRICKSTORM guidance is blunt This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon’s been busy in the wires. Let’s start with the big one: BRICKSTORM. According to a joint malware analysis from CISA and Canada’s Cyber Centre, BRICKSTORM is a China‑sponsored backdoor designed for long‑term persistence in Windows environments, VMware vCenter, and ESXi, especially in information technology and government services networks. Analysts found it quietly riding alongside normal traffic, exfiltrating files, stealing cryptographic keys, and even self‑healing if defenders try to kill it. CrowdStrike ties BRICKSTORM to a China‑nexus crew dubbed WARP PANDA, with deep expertise in cloud and virtual machines, and at least eight victim organizations so far. While the technical teams publish indicators of compromise and detection signatures, the policy world is swinging its own hammer. The UK’s National Cyber Security Centre just sanctioned Sichuan Anxun Information Technology, better known as i‑Soon, and Integrity Technology Group for what London calls “reckless and indiscriminate cyberattacks” against more than 80 federal and private IT systems. Australia quickly backed the move. Both companies have already been sanctioned by the United States for supporting Chinese intelligence operations, including links to the espionage group Flax Typhoon. Beijing’s Foreign Ministry, via spokesperson Guo Jiakun, condemned the sanctions as politicized “disinformation” and demanded the UK “correct its wrong approach.” Zooming to another long‑running storm: Salt Typhoon. Cybernews and SentinelOne report that Yu Yang and Qiu Daibing, alleged Salt Typhoon operators, once competed in Cisco’s Networking Academy Cup before later co‑owning Beijing Huanyu Tianqiong, a firm repeatedly named in US and allied advisories as a front for hacking at least 80 global telecoms like Verizon, AT&T, T‑Mobile, Viasat, and Lumen. US officials allege Salt Typhoon has also breached a US state Army National Guard network and even US Treasury laptops, positioning itself for potential disruption of critical infrastructure if tensions with China escalate. Plans to sanction China’s Ministry of State Security over these intrusions have reportedly been put on hold to protect a fragile trade deal, raising hard questions about whether economic concerns are trumping cybersecurity. On the defensive side, Congress just moved a must‑pass defense authorization bill that supercharges US cyber posture. The package boosts US Cyber Command funding, locks in its tight partnership with NSA, mandates hardened mobile devices for senior officials, and forces the Pentagon to bake AI‑specific threats into mandatory cyber training. It also pushes for harmonized cybersecurity requirements across the defense industrial base and clearer rules for using commercial cloud enclaves for high‑risk systems. So what should you do? CISA’s BRICKSTORM guidance is blunt This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

China's Cyber Spies Unleash BRICKSTORM Backdoor as US UK Sanctions Fly

0:00 4:09

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 4 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on December 13, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon’s been busy in the wires. Let’s start with the big one: BRICKSTORM. According to a joint malware...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!