Chinese Hackers Hide in US Networks for Over a Year Using Advanced Malware

Warp Panda hacks US firms using BrickStorm malware, exploiting tech vulnerabilities to steal intelligence for China.
Content Team

A Chinese hacking group called Warp Panda has been secretly infiltrating US legal, manufacturing, and tech companies since 2022, staying hidden in networks for up to 400 days. The group uses sophisticated malware called BrickStorm that disguises itself as legitimate VMware processes and automatically reinstalls if detected.

The hackers exploit vulnerabilities in popular business tools like Ivanti VPN devices and VMware servers to gain initial access, then move through networks using stolen credentials. They've also targeted Microsoft Azure environments and government entities across Asia Pacific.

CISA issued an alert Thursday warning that one BrickStorm infection went undetected from April 2024 until September 2025. The persistent attacks appear designed to steal intelligence for China's strategic interests.

Source: Security Week
