Threat Intelligence, Breach, Malware

Advanced Brickstorm backdoor discovered in F5 attack

(Adobe Stock)

Chinese state-backed threat operation UNC5221 has leveraged the sophisticated Brickstorm backdoor to stealthily compromise U.S. cybersecurity firm F5 for over a year, resulting in the exposure of the company's source code, according to Cybernews.

Initial compromise of F5 potentially through a zero-day vulnerability allowed code execution and the subsequent configuration of Brickstorm to create an encrypted outbound TLS connection, which was then harnessed to simultaneously carry multiple separate sessions and allow implant management, a report from Resecurity revealed.

With full traffic web protocols, Brickstorm could route nefarious traffic as a SOCKS proxy, as well as use multipart/form-data format browsers to conceal data transfers within POST requests.

"If an attacker gets code execution (via zero-day or weakly secured services), Brickstorm can turn a BIG-IP into a stealth egress point and internal proxy, with minimal logs and long dwell," said Resecurity researchers, who urged immediate efforts to remediate internet-exposed F5 devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds