EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Cybercriminals linked to China have targeted government entities with the BRICKSTORM malware
    • Home
    • Cybercrime
    • Cybercriminals linked to China have targeted government entities with the BRICKSTORM malware

    Cybercriminals linked to China have targeted government entities with the BRICKSTORM malware

    Written by
    The Editorial Team
    12.10.25
    Cybercrime
    01
    MIN
    Cybercriminals linked to China have targeted government entities with the BRICKSTORM malware
    Cybercriminals linked to China have targeted government entities with the BRICKSTORM malware
    Cybercriminals linked to China have targeted government entities with the BRICKSTORM malware
    Image Dark web: from the theft of customer databases to the resale of access, anatomy of the data available
    Cybercrime
    03.02.26 Cybercrime
    Next article
    Dark web: from the theft of customer databases to the resale of access, anatomy of the data available
    Read
    05
    MIN
    Image Canada: Quebec School Service Centre Hit by Cyberattack
    Cybercrime
    02.19.26 Cybercrime
    Next article
    Canada: Quebec School Service Centre Hit by Cyberattack
    Read
    01
    MIN
    Image The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Cybercrime
    02.19.26 Cybercrime
    Next article
    The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Read
    01
    MIN
    Image Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Cybercrime
    02.17.26 Cybercrime
    Next article
    Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Read
    01
    MIN
    The United States and Canada are warning about this malicious software, designed to ensure “stealthy persistence” in infected information systems.

    U.S. and Canadian authorities issued an alert on December 4, 2025, about a campaign conducted by cybercriminals affiliated with China, using the BRICKSTORM malware to target government entities. CISA and the Canadian Centre for Cyber Security, the U.S. and Canadian equivalents of France’s ANSSI, released this security advisory in collaboration with the U.S. National Security Agency (NSA).

    The document is based on the analysis of eight samples collected from organizations victimized by this “sophisticated and stealthy malware.” The cybercriminals primarily targeted VMware vSphere and Windows environments, where they were able to create virtual machines. BRICKSTORM enabled them to “browse, download, create, delete, and manipulate files,” as well as perform lateral movement.

    The malware includes a “self-monitoring” feature that allows it to reinstall or automatically restart itself in the event of disruptions, making it particularly formidable.

    The Editorial Team
    12.10.25
    Articles by the same author:
    1
    03.06.26 Risks management
    0-day attacks increasingly target the private sector
    Read
    01
    MIN
    2
    03.06.26 Cybercrime
    The leader of the Phobos ransomware gang pleads guilty before U.S. justice
    Read
    01
    MIN
    3
    03.03.26 Cyber stability
    NATO Authorizes the Use of iPhones for Classified Data
    Read
    02
    MIN
    4
    03.03.26 Cyber +
    The United States Exclude Anthropic from Federal Agencies
    Read
    02
    MIN
    Image Dark web: from the theft of customer databases to the resale of access, anatomy of the data available
    Cybercrime
    03.02.26 Cybercrime
    Next article
    Dark web: from the theft of customer databases to the resale of access, anatomy of the data available
    Read
    05
    MIN
    Image Canada: Quebec School Service Centre Hit by Cyberattack
    Cybercrime
    02.19.26 Cybercrime
    Next article
    Canada: Quebec School Service Centre Hit by Cyberattack
    Read
    01
    MIN
    Image The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Cybercrime
    02.19.26 Cybercrime
    Next article
    The National File of Bank Accounts Hacked: 1.2 Million Accounts Exposed
    Read
    01
    MIN
    Image Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Cybercrime
    02.17.26 Cybercrime
    Next article
    Ransomware: Russian Phobos Affiliate Appears Before a French Court
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.