Chinese-linked hackers use backdoor for potential espionage and sabotage
Chinese-linked hackers use 'Brickstorm' malware for espionage, targeting sensitive networks and stealing credentials, raising security concerns.
Chinese-linked hackers are reportedly using the malware 'Brickstorm' to gain access to sensitive networks of government services and tech entities. Once inside, they steal personal credentials and sensitive information, which gives them complete control over the targeted computers. The malware specifically targets VMware vSphere, a product from Broadcom for managing virtual machines.
In one incident, hackers used Brickstorm to breach a company in April 2024 and maintained access until at least September 3, 2025. CISA, NSA, and the Canadian Cyber Security Centre issued a joint warning and detailed analysis of the malware.
The Google Threat Intelligence Group reported Brickstorm-related breaches in sectors such as legal services, software providers, and outsourcing firms. These breaches involved the development of new vulnerabilities and the creation of access points to a wider array of victims. U.S. government warnings indicate that Chinese hackers have targeted U.S. and global telecommunications companies and other sensitive targets in recent years, including an incident in October linked to U.S. cybersecurity firm F5.
This breach fits a pattern of Chinese hackers targeting critical infrastructure for espionage and potential sabotage, raising concerns about credential theft from, and attacker control of, government and tech networks.
The long-term access in incidents like the April 2024 case underscores how persistent such operations are. China's denial and request for evidence add to diplomatic tensions, while agencies recommend implementing patches and security practices to mitigate risks.
© 2025 EcoPulse24. All rights reserved.