
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks

CISA warns of cyberattacks by Chinese hackers using Brickstorm malware on U.S. government and IT targets, focusing on VMware systems.
Content Team

CISA issued an urgent alert Thursday about ongoing cyberattacks by Chinese state-backed hackers targeting U.S. government and IT organizations using the sophisticated Brickstorm backdoor. The attackers are specifically going after VMware vSphere environments, where they can steal virtual machine snapshots and create hidden rogue VMs.

The Go-based malware automatically reinstalls itself if disrupted and uses multiple encryption layers to communicate with command-and-control servers. In one documented case, attackers maintained network access from April 11 through September 2, 2024, moving from a web server to domain controllers and eventually VMware systems.

CISA recommends keeping VMware servers updated, monitoring for unauthorized VMs, and blocking external DNS-over-HTTPS traffic to prevent these stealth attacks.

Source: Dark Reading
