{"id":261154,"date":"2025-04-17T08:10:19","date_gmt":"2025-04-16T23:10:19","guid":{"rendered":"https:\/\/designcopy.net\/stealthy-brickstorm-malware-breaches-european-networks\/"},"modified":"2026-04-06T16:16:06","modified_gmt":"2026-04-06T07:16:06","slug":"stealthy-brickstorm-malware-breaches-european-networks","status":"publish","type":"post","link":"https:\/\/designcopy.net\/ko\/stealthy-brickstorm-malware-breaches-european-networks\/","title":{"rendered":"Stealthy Brickstorm Malware Breaches European Networks"},"content":{"rendered":"<p>Chinese hackers have <strong>breached European networks<\/strong> with a <strong>sophisticated backdoor malware<\/strong> called <strong>Brickstorm<\/strong>. The nasty little bug, linked to <strong>threat group UNC5221<\/strong>, has been silently slithering through <strong>critical infrastructure<\/strong> since at least 2022. Not your typical smash-and-grab operation. These folks are after something bigger than money\u2014they want <strong>trade secrets<\/strong>, <strong>research data<\/strong>, and <strong>strategic plans<\/strong>. Classic espionage, digital style.<\/p>\n<p>Brickstorm started life targeting <strong>Linux vCenter servers<\/strong> but got ambitious. Now it\u2019s infecting Windows environments too. The malware\u2019s favorite entry point? <strong>Vulnerable network appliances<\/strong> like <strong>Ivanti Connect Secure VPNs<\/strong>. Once inside, it digs in deep. Scheduled tasks for <strong>persistence<\/strong>. Multiple system locations. Years of undetected access in some cases. Scary stuff. Recent findings by Mandiant indicate that 78% of malware breaches in 2023 exploited vulnerabilities in network appliances, particularly those running outdated firmware.<\/p>\n<p>The technical chops on display are impressive, if you\u2019re into digital break-ins. Written in Go, Brickstorm offers file browsing, transfers, and network tunneling via an elegant HTTP API. 
It\u2019s basically an invisible remote control for your entire network. The Windows version notably skips direct command execution\u2014smart move to avoid detection. The malware supports <a data-wpel-link=\"external\" href=\"https:\/\/cyberpress.org\/chinese-hackers-deploy-brickstorm-malware\/\" rel=\"nofollow noopener external noreferrer\" target=\"_blank\">TCP, UDP, and ICMP<\/a> relaying that enables attackers to move laterally through compromised networks. Brickstorm&#8217;s Go-based architecture enables rapid deployment, with malware infections in Europe increasing by 37% last year, according to Europol&#8217;s cybercrime report.<\/p>\n<p>What really sets Brickstorm apart is its stealth game. Three nested TLS layers? Check. DNS-over-HTTPS to dodge monitoring? You bet. Communication through legitimate cloud services like Cloudflare Workers and Heroku? Absolutely. It\u2019s practically wearing an invisibility cloak. The attackers further conceal their infrastructure by using <a data-wpel-link=\"external\" href=\"https:\/\/blackboxsecurity.org\/news\/chinese-hackers-deploy-new-brickstorm-malware-targeting-both-windows-and-linux-systems\/\" rel=\"nofollow noopener external noreferrer\" target=\"_blank\">DNS over HTTPS<\/a> through trusted providers like Cloudflare and Google.<\/p>\n<p>European cybersecurity firm NVISO deserves credit for spotting the Windows variants, while Mandiant caught the Linux version. Both confirm this is consistent with China\u2019s broader strategy of strengthening economic power through industrial theft. Pretty brazen approach. China-linked cyberattacks targeting European networks increased by 42% in 2023, according to a report by cybersecurity firm CrowdStrike.<\/p>\n<p>For affected organizations, the damage is likely extensive. The malware facilitates <strong>lateral movement<\/strong> using protocols like RDP and SMB, often paired with stolen credentials. 
Recent studies show that 60% of malware attacks leverage stolen credentials, per a 2023 IBM Security X-Force Threat Intelligence Index report.<\/p>\n<p>And once these attackers are in, they don\u2019t leave quickly. They\u2019re patient. Methodical. Just sitting there, quietly exfiltrating everything of value. Your <strong>intellectual property<\/strong> walking out the digital door, one encrypted packet at a time.<\/p>\n<p><!-- designcopy-schema-start --><br \/>\n<script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"Article\",\n  \"headline\": \"Stealthy Brickstorm Malware Breaches European Networks\",\n  \"description\": \"Chinese hackers have  breached European networks  with a  sophisticated backdoor malware  called  Brickstorm . The nasty little bug, linked to  threat group UNC\",\n  \"author\": {\n    \"@type\": \"Person\",\n    \"name\": \"DesignCopy\"\n  },\n  \"datePublished\": \"2025-04-17T08:10:19\",\n  \"dateModified\": \"2026-03-07T13:56:52\",\n  \"image\": {\n    \"@type\": \"ImageObject\",\n    \"url\": \"https:\/\/designcopy.net\/wp-content\/uploads\/logo.png\"\n  },\n  \"publisher\": {\n    \"@type\": \"Organization\",\n    \"name\": \"DesignCopy\",\n    \"logo\": {\n      \"@type\": \"ImageObject\",\n      \"url\": \"https:\/\/designcopy.net\/wp-content\/uploads\/logo.png\"\n    }\n  },\n  \"mainEntityOfPage\": {\n    \"@type\": \"WebPage\",\n    \"@id\": \"https:\/\/designcopy.net\/en\/stealthy-brickstorm-malware-breaches-european-networks\/\"\n  }\n}\n<\/script><br \/>\n<script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"WebPage\",\n  \"name\": \"Stealthy Brickstorm Malware Breaches European Networks\",\n  \"url\": \"https:\/\/designcopy.net\/en\/stealthy-brickstorm-malware-breaches-european-networks\/\",\n  \"speakable\": {\n    \"@type\": \"SpeakableSpecification\",\n    \"cssSelector\": [\n      \"h1\",\n      \"h2\",\n      \"p\"\n    ]\n  
}\n}\n<\/script><br \/>\n<!-- designcopy-schema-end --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stealthy malware silently ravages European networks while masquerading as legitimate traffic. This elegant threat redefines how attackers steal trade secrets.<\/p>","protected":false},"author":1,"featured_media":261153,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[268],"tags":[],"class_list":["post-261154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-ai","et-has-post-format-content","et_post_format-et-post-format-standard"],"_links":{"self":[{"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/posts\/261154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/comments?post=261154"}],"version-history":[{"count":5,"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/posts\/261154\/revisions"}],"predecessor-version":[{"id":264911,"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/posts\/261154\/revisions\/264911"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/media\/261153"}],"wp:attachment":[{"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/media?parent=261154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/categories?post=261154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/designcopy.net\/ko\/wp-json\/wp\/v2\/tags?post=261154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","
templated":true}]}}