
CISA Warns of Chinese BrickStorm Malware Targeting VMware vSphere Servers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about attacks by Chinese threat actors targeting VMware vSphere servers with a malware strain known as BrickStorm. The attackers are exploiting unpatched vulnerabilities, including CVE-2023-34048 in VMware vCenter Server and CVE-2024-37085 in ESXi, to compromise virtualized environments. The BrickStorm malware enables persistence and remote command execution, facilitating data exfiltration or the deployment of additional malicious payloads. Critical infrastructure entities, particularly in the United States, are targeted. The warning does not specify a precise timeline for these attacks. This incident underscores the critical importance of timely patching and robust defense-in-depth strategies for virtualization platforms. Organizations are strongly advised to prioritize patching known vulnerabilities, implement network segmentation, and enhance monitoring for suspicious activities in their virtualized environments.