
Chinese Hackers Use Brickstorm Malware in Long-Term Espionage Campaign Against U.S. Firms
According to Google specialists, suspected Chinese hackers have been conducting espionage operations against U.S. organizations in the technology and legal sectors using the Brickstorm malware. The attackers remained undetected within compromised networks for approximately 400 days, demonstrating a high level of sophistication and persistence.

This campaign highlights the ongoing threat of state-sponsored cyber espionage, with Chinese actors often focusing on long-term intelligence gathering. The involvement of additional malware strains such as Spawnant and Zipline, along with the threat group designation UNC5221, suggests a well-coordinated and well-resourced operation. The targeted sectors, technology and legal, are particularly attractive because they hold valuable intellectual property and sensitive information. The extended dwell time underscores the difficulty of detecting advanced persistent threats (APTs) and the need for stronger detection and response capabilities.

Cybersecurity professionals should take note of the tactics used in this campaign and consider implementing advanced threat detection tools, conducting regular threat hunting, and adopting a zero-trust security model to mitigate similar risks. Additionally, sharing threat intelligence and maintaining robust incident response plans are critical for defending against such sophisticated threats.