Belgian Security Company Discovers Chinese Spyware on Windows


Belgian cybersecurity specialist Nviso has discovered a new Windows variant of the Brickstorm malware. The malicious software is linked to a Chinese espionage group.

Nviso, a European security specialist founded in Belgium, has published a report on Brickstorm, a malware used for espionage purposes. This is the first time the malware has been discovered on Windows devices. The malware is linked to the Chinese hacker group UNC5221. According to Nviso, the malware had been active for several years in at least one company.

From Linux to Windows

Brickstorm is not an unknown malware family; it has previously been identified on Linux systems. Now the malware is also targeting Windows. According to Nviso’s research team, it is an advanced backdoor that provides attackers with long-term access to internal networks.

This access is misused for espionage activities against Western organizations. The malware had been active for several years in at least one affected company without being noticed.

The espionage campaign is attributed to UNC5221, a group that, according to Nviso, likely has ties to the Chinese government. The latter sees economic growth as a priority within its national security strategy. This explains the targeted efforts to collect intellectual property and strategic information from foreign companies.

Evading Detection

The Brickstorm malware exploits zero-day vulnerabilities, but it also abuses existing IT infrastructure and legitimate software tools. This makes it difficult for security teams to detect the presence of the attackers. The malware installs a hidden access point in the corporate network, which can be used to steal sensitive information such as research data, product developments, or strategic documents.

The stolen information is then used for commercial or military purposes. Chinese actors regularly go after Western organizations, and the goal is often espionage. Nviso’s discovery emphasizes the importance of continuous monitoring and forensic analysis to identify long-term and targeted attacks in a timely manner.