
China's Brickstorm Malware Campaign Infiltrates US Networks for Years Undetected

Chinese hackers using Brickstorm malware infiltrate US infrastructure, maintaining access for over a year in VMware and Windows systems.
Content Team

US cybersecurity officials revealed Thursday that Chinese state-sponsored hackers have been using sophisticated Brickstorm malware to infiltrate critical infrastructure and government networks since at least 2022. The attackers maintain persistent access for an average of 393 days, targeting VMware vSphere and Windows environments while staying hidden in poorly monitored edge devices.

Dozens of US organizations have been compromised, including government agencies, IT firms, and legal services. The malware automatically reinstalls itself if disrupted and allows attackers to steal configuration data, emails, and documents aligned with China's strategic interests. CISA warns this represents an evolution in Chinese cyber tradecraft, with attackers positioning themselves for potential future sabotage operations.

Source: CyberScoop
