Joint Cybersecurity Advisory from the US and Canada
The cybersecurity agencies of the United States and Canada have jointly released an advisory warning of malware attacks orchestrated by hackers with connections to China.
These malicious activities have reportedly granted these hackers enduring access to several yet-to-be-disclosed governmental and information technology entities.
This advisory has been endorsed by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security.
According to Madhu Gottumukkala, the acting director of CISA, the operations attributed to Chinese actors demonstrate a systematic approach to “infiltrating sensitive networks, ensuring prolonged access, enabling disruption, and posing risks of potential sabotage.”
‘Brickstorm’ Malware: A Persistent Threat
The cybersecurity experts have identified the malevolent software employed by these state-sponsored hackers as “Brickstorm.” This malware has been used to target an array of governmental services and information technology infrastructures.
Once the hackers gain entry into victim networks, they proceed to exfiltrate login credentials and other vital information, effectively giving them the capacity to take control of compromised systems.
The nature of this threat lies in its capacity for persistent access. The advisory detailed an instance wherein the perpetrators utilized Brickstorm to infiltrate a particular organization in April 2024, sustaining their access for an extended period, reportedly until September 3, 2025.
The analysis was derived from eight distinct samples of Brickstorm obtained from affected organizations. Notably, Nick Andersen, the executive assistant director for Cybersecurity at CISA, refrained from disclosing specific information regarding the total number of targeted governmental bodies or the full ramifications inflicted once the hackers breached their networks.
Broadcom’s VMware: A Prominent Target
Reports indicate that the hackers are specifically deploying this malware against VMware vSphere, a product from Broadcom’s VMware that is used to create and manage virtual machines within network environments.
A spokesperson from Broadcom urged all clients to implement the most current software patches and maintain stringent operational security in light of these revelations.
China’s Denial of Hacking Allegations

The Chinese embassy in Washington has promptly dismissed these allegations. Liu Pengyu, a spokesperson for the embassy, asserted that the Chinese government does not “endorse, support, or facilitate cyber attacks.”
He further condemned the assertions made by concerned parties as irresponsible, noting that no requests regarding the matter had been presented, nor had any factual evidence been provided to substantiate the claims.
Source link: Timesofindia.indiatimes.com.






