
China-linked Brickstorm malware campaign targets organizations with long dwell times
A cyber espionage campaign attributed to China has been active for at least three years, using the Brickstorm malware to target dozens of organizations. The attacks, discovered over the past four months, have an average dwell time of 393 days per victim. The threat actors exploit vulnerabilities in VMware and Windows and leverage tools like Active Directory for persistence and lateral movement. Alerts about this campaign come from the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), CrowdStrike, Mandiant, and the Google Threat Intelligence Group.

The long dwell time indicates a high level of sophistication and an ability to remain undetected for extended periods. The campaign underscores the importance of regular patching, robust monitoring, and securing identity and access management systems to detect and prevent such threats. The involvement of multiple high-profile cybersecurity firms and government agencies highlights the severity and complexity of this ongoing threat.