A Chinese hacking group called Warp Panda has been secretly infiltrating US legal, manufacturing, and tech companies since 2022, staying hidden in networks for up to 400 days. The group uses sophisticated malware called BrickStorm that disguises itself as legitimate VMware processes and automatically reinstalls if detected.
The hackers exploit vulnerabilities in widely used business infrastructure, such as Ivanti VPN devices and VMware servers, to gain initial access, then move laterally through networks using stolen credentials. They have also targeted Microsoft Azure environments and government entities across the Asia-Pacific region.
CISA issued an alert Thursday warning that one BrickStorm infection went undetected from April 2024 until September 2025. The persistent attacks appear designed to steal intelligence for China's strategic interests.
Source: Security Week