Joint malware analysis report on Brickstorm backdoor – Canadian Centre for Cyber Security

Summary

The Canadian Centre for Cyber Security, together with the US CISA and NSA, released a joint malware analysis report on the Brickstorm backdoor. The report warns that PRC state-sponsored threat actors are using Brickstorm for long-term persistence, primarily against government services, facilities and organisations in the information technology sector.

Brickstorm is a sophisticated backdoor targeting Linux (notably VMware vCenter servers and the VMKernel on VMware ESXi) and Windows environments. Compromised vCenter instances can be abused to steal cloned VM snapshots for credential extraction and to create rogue virtual machines that are hidden from vCenter management.

The publication includes indicators of compromise (IoCs) and detection signatures derived from analysis of eight Brickstorm samples and urges organisations to use these artefacts to identify infections.

Key Points

  • Joint report published by the Canadian Centre for Cyber Security, CISA and NSA analysing the Brickstorm backdoor.
  • Actors attributed to the People’s Republic of China are using Brickstorm for long-term persistence.
  • Primary targets observed: government services, facilities and organisations in the IT sector.
  • Brickstorm targets VMware vSphere platforms: vCenter servers and VMKernel (VMware ESXi), and also affects Windows systems.
  • Post-compromise activity includes stealing cloned VM snapshots to extract credentials and creating rogue VMs hidden from vCenter.
  • Report provides IoCs and detection signatures based on eight analysed samples; organisations are urged to apply them immediately.

Why should I read this?

Short version: if you run VMware vSphere or manage infrastructure that touches vCenter or ESXi, this matters. Brickstorm lets attackers hide VMs and harvest credentials — which can give them long-term, stealthy access. The joint report gives ready-made IoCs and detection tips so you can check your estate fast. Read it to see if you’re exposed and what to scan for.
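One concrete check that follows from the report's description of rogue VMs hidden from vCenter management is to reconcile what each ESXi host believes it is running against what vCenter reports for that host. The script below is an added example, not code from the Cyber Centre, CISA or NSA report; it assumes the host side is text in the column layout of `vim-cmd vmsvc/getallvms` (run locally on ESXi) and the vCenter side is a plain list of VM names exported by whatever tooling you already use. Both inputs here are constructed samples.

```python
"""
Reconcile VMs registered on an ESXi host against the vCenter inventory.
Added example (not from the joint Brickstorm report). Assumptions:
- host inventory text follows the column layout of `vim-cmd vmsvc/getallvms`;
- vCenter inventory is a list of VM names for the same host;
- VM names contain no whitespace (the parser splits on runs of spaces).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class HostVm:
    vmid: int
    name: str
    vmx_path: str  # "[datastore] directory/file.vmx" as printed by the host


# Constructed sample resembling `vim-cmd vmsvc/getallvms` output; not real data.
HOST_INVENTORY = """\
Vmid   Name          File                                   Guest OS         Version   Annotation
1      web-01        [datastore1] web-01/web-01.vmx         ubuntu64Guest    vmx-15
2      db-01         [datastore1] db-01/db-01.vmx           centos8_64Guest  vmx-15
7      svc-helper    [datastore2] svc-helper/svc-helper.vmx otherGuest       vmx-14
"""

# Constructed list of VM names as vCenter reports them for the same host.
VCENTER_INVENTORY = ["web-01", "db-01"]

# vmid, name, then the "[datastore] path.vmx" token; header and blank lines do not match.
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\[[^\]]+\]\s+\S+)")


def parse_host_inventory(text):
    """Parse host-side inventory text into HostVm records, skipping non-data lines."""
    vms = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        vms.append(HostVm(int(m.group(1)), m.group(2), m.group(3)))
    return vms


def find_unmanaged_vms(host_text, vcenter_names):
    """Return host-registered VMs whose names are absent from the vCenter inventory."""
    known = set(vcenter_names)
    return [vm for vm in parse_host_inventory(host_text) if vm.name not in known]


if __name__ == "__main__":
    for vm in find_unmanaged_vms(HOST_INVENTORY, VCENTER_INVENTORY):
        print(f"host vmid {vm.vmid}: '{vm.name}' at {vm.vmx_path} is not in vCenter inventory")
```

A VM that a host runs but vCenter does not list is not proof of compromise (migrations in progress and standalone hosts produce the same result), but it is exactly the discrepancy the report describes, so any hit should be reviewed against the published IoCs. Run the host-side collection on every ESXi host rather than trusting a single management view.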

Source

Source: https://cyber.gc.ca/en/news-events/joint-malware-analysis-report-brickstorm-backdoor
