China-linked BRICKSTORM backdoor involved in Europe-targeted cyberespionage

Organizations across Europe are having their Windows systems compromised with the BRICKSTORM backdoor linked to Chinese state-backed threat operation UNC5221 as part of a cyberespionage campaign that commenced three years ago, Infosecurity Magazine reports.
Unlike the original Linux-targeting BRICKSTORM payload, which enabled direct command execution, the Windows variant instead relied on network tunneling capabilities and valid credentials to reach Remote Desktop Protocol and Server Message Block services, according to findings from European cybersecurity firm NVISO. Moreover, BRICKSTORM for Windows' use of DNS over HTTPS for its command-and-control servers, together with scheduled tasks, enabled it to circumvent security controls, noted NVISO researchers, who added that the backdoor's infrastructure has also been concealed behind shared and distributed IP addresses. "These recent discoveries of several year-old adversary capabilities, alongside evidence of infrastructure maintenance, highlight the need for at-risk industries to bolster their security posture and continuously audit their environment for rare or uncommon activity," researchers added.