The US Cybersecurity and Infrastructure Security Agency (CISA) warned of “ongoing intrusions” from Chinese nation-state actors deploying the Brickstorm backdoor in organizations’ VMware vSphere environments.
In an alert published Thursday, CISA said threat actors tied to the People’s Republic of China (PRC) are primarily targeting organizations in the government and information technology sectors. The attackers use Brickstorm, a “sophisticated backdoor,” to maintain long-term stealth access to targeted networks, according to the CISA alert.