Digital Dragon Watch: Weekly China Cyber Alert
China's Cyber Spies Unleash BRICKSTORM Backdoor as US UK Sanctions Fly
13 Dec 2025
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon’s been busy in the wires.

Let’s start with the big one: BRICKSTORM. According to a joint malware analysis from CISA and Canada’s Cyber Centre, BRICKSTORM is a China‑sponsored backdoor designed for long‑term persistence in Windows environments, VMware vCenter, and ESXi, especially in information technology and government services networks. Analysts found it quietly riding alongside normal traffic, exfiltrating files, stealing cryptographic keys, and even self‑healing if defenders try to kill it. CrowdStrike ties BRICKSTORM to a China‑nexus crew dubbed WARP PANDA, with deep expertise in cloud and virtual machines, and at least eight victim organizations so far.

While the technical teams publish indicators of compromise and detection signatures, the policy world is swinging its own hammer. The UK’s National Cyber Security Centre just sanctioned Sichuan Anxun Information Technology, better known as i‑Soon, and Integrity Technology Group for what London calls “reckless and indiscriminate cyberattacks” against more than 80 federal and private IT systems. Australia quickly backed the move. Both companies have already been sanctioned by the United States for supporting Chinese intelligence operations, including links to the espionage group Flax Typhoon. Beijing’s Foreign Ministry, via spokesperson Guo Jiakun, condemned the sanctions as politicized “disinformation” and demanded the UK “correct its wrong approach.”

Zooming to another long‑running storm: Salt Typhoon. Cybernews and SentinelOne report that Yu Yang and Qiu Daibing, alleged Salt Typhoon operators, once competed in Cisco’s Networking Academy Cup before later co‑owning Beijing Huanyu Tianqiong, a firm repeatedly named in US and allied advisories as a front for hacking at least 80 global telecoms like Verizon, AT&T, T‑Mobile, Viasat, and Lumen. US officials allege Salt Typhoon has also breached a US state Army National Guard network and even US Treasury laptops, positioning itself for potential disruption of critical infrastructure if tensions with China escalate. Plans to sanction China’s Ministry of State Security over these intrusions have reportedly been put on hold to protect a fragile trade deal, raising hard questions about whether economic concerns are trumping cybersecurity.

On the defensive side, Congress just moved a must‑pass defense authorization bill that supercharges US cyber posture. The package boosts US Cyber Command funding, locks in its tight partnership with NSA, mandates hardened mobile devices for senior officials, and forces the Pentagon to bake AI‑specific threats into mandatory cyber training. It also pushes for harmonized cybersecurity requirements across the defense industrial base and clearer rules for using commercial cloud enclaves for high‑risk systems.

So what should you do? CISA’s BRICKSTORM guidance is blunt: treat this as a nation‑state threat. That means: aggressively hunt using the published indicators, inventory and monitor your edge devices, segment networks so web servers can’t stroll over to domain controllers, and align with CISA’s updated Cross‑Sector Cybersecurity Performance Goals. For telecoms, cloud providers, universities, and government entities, experts are stressing rigorous logging in VMware and cloud control planes, strict access control around cryptographic keys, and fast patching pipelines for internet‑facing apps.

I’m Ting, and that’s your Digital Dragon Watch for this week. Thanks for tuning in, and don’t forget to subscribe so you never miss the next alert. This has been a quiet please production, for more check out quiet please dot ai.

This content was created in partnership and with the help of Artificial Intelligence AI