Chinese state-backed threat operation UNC5221 has leveraged the sophisticated Brickstorm backdoor to stealthily compromise U.S. cybersecurity firm F5 for over a year, resulting in the exposure of the company's source code, according to Cybernews.Initial compromise of F5 potentially through a zero-day vulnerability allowed code execution and the subsequent configuration of Brickstorm to create an encrypted outbound TLS connection, which was then harnessed to simultaneously carry multiple separate sessions and allow implant management, a report from Resecurity revealed.With full traffic web protocols, Brickstorm could route nefarious traffic as a SOCKS proxy, as well as use multipart/form-data format browsers to conceal data transfers within POST requests."If an attacker gets code execution (via zero-day or weakly secured services), Brickstorm can turn a BIG-IP into a stealth egress point and internal proxy, with minimal logs and long dwell," said Resecurity researchers, who urged immediate efforts to remediate internet-exposed F5 devices.
Threat Intelligence, Breach, Malware
Advanced Brickstorm backdoor discovered in F5 attack

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



