**Chinese-Linked Hackers Unleash "Brickstorm" Malware: A Potential Recipe for Sabotage**
In a disturbing revelation, US and Canadian cybersecurity agencies have issued an advisory warning of a sophisticated hacking operation linked to Chinese actors. The malicious campaign, dubbed "Brickstorm," has been deployed to infiltrate critical infrastructure, embed long-term access, and potentially enable sabotage.
According to the advisory, jointly signed by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security, the state-backed hackers are leveraging malware known as "Brickstorm" to target multiple government services and information technology entities. The malicious software is designed to infiltrate VMware vSphere, a product used to create and manage virtual machines within networks.
"The Chinese-linked hacking operations are the latest example of Chinese hackers targeting critical infrastructure, infiltrating sensitive networks, and embedding themselves to enable long-term access, disruption, and potential sabotage," said Madhu Gottumukkala, acting director of CISA. "This is a serious threat that warrants immediate attention from our government agencies, private sector partners, and the public."
The advisory and accompanying malware analysis report (PDF) provide a detailed account of the hackers' tactics, techniques, and procedures (TTPs). According to the report, the attackers used Brickstorm to penetrate a company in April 2024 and maintained access through at least September 3, 2025. The hackers can steal login credentials and other sensitive information, as well as potentially take full control of targeted computers.
While CISA Executive Assistant Director for Cybersecurity Nick Andersen declined to share specifics about the number of government organizations targeted or the extent of the hackers' activities, the advisory highlights the severity of the threat. "We are working closely with our international partners and private sector stakeholders to disrupt these operations and protect our critical infrastructure," Andersen said.
The use of Brickstorm malware is just one example of Chinese hackers targeting critical infrastructure. Previous incidents have highlighted the nation-state actors' ability to develop exploits for new, previously unknown vulnerabilities and establish pivot points for broader access to victims. Google's analysis of a 2020 hacking operation, which targeted multiple organizations, revealed that the attackers likely used their espionage efforts for dual purposes: gathering intelligence while also creating opportunities for future exploitation.
The advisory and malware analysis reports are based on eight Brickstorm samples obtained from targeted organizations. The documents serve as a warning to government agencies, private sector entities, and individuals about the growing threat of Chinese-linked hacking operations. As the world becomes increasingly interconnected, cybersecurity threats like Brickstorm highlight the importance of vigilance and collaboration in protecting critical infrastructure.
**Related Documents:**
* CISA Advisory (PDF)
* Malware Analysis Report (PDF)