
"Brickstorm is a custom Executable and Linkable Format (ELF) Go-based backdoor that allows attackers to maintain stealthy access and provide capabilities for initiation, persistence, and secure command and control (C2). It initiates by running checks, and maintains persistence by using a self-watching function, automatically reinstalling or restarting if disrupted. For C2, Brickstorm uses multiple layers of encryption - HTTPS, WebSockets and nested Transport Layer Security (TLS) - to hide its communications with the cyber actors' C2 server."
"For remote system control, it gives cyber actors interactive shell access on the system and allows them to browse, upload, download, create, delete, and manipulate files. Meanwhile, some samples act as a SOCKS proxy, facilitating lateral movement and allowing cyber actors to compromise additional systems."
"Jon Baker, VP of threat-informed defense at AttackIQ, warned Brickstorm "excels at remaining undetected within networks". "The malware runs continuous health checks on itself, allowing it to reinstall and restart if tampered with, ensuring its continued operation," Baker explained. "All of this comes together to create a stealthy and resilient malware that can spread across networks and remotely take over entire systems.""
China-sponsored threat actors use Brickstorm, a custom ELF Go-based backdoor, to maintain stealthy, persistent access in critical infrastructure networks. Brickstorm performs initial checks and employs a self-watching function that automatically reinstalls or restarts the backdoor if tampered with. Command-and-control communications are layered with HTTPS, WebSockets, and nested TLS, and the malware can use DNS-over-HTTPS and mimic web server behavior to blend with legitimate traffic. The backdoor provides interactive shell access and full file management, can operate as a SOCKS proxy for lateral movement, and has been used to target VMware vSphere environments to access vCenter consoles and steal cloned VM snapshots for credential extraction.
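The layered C2 described above (HTTPS, then WebSockets, then a second TLS session nested inside the WebSocket frames) leaves one observable for defenders who terminate outbound TLS at an inspection proxy: a client-to-server WebSocket binary frame whose payload begins with a TLS ClientHello record. The following detection sketch is an added example, not code from the advisory or the IT Pro article; it assumes the outer HTTPS layer has already been stripped by such a proxy and that raw WebSocket frames are available, and the sample frames it scans are constructed for the demo rather than captured from real malware.

```python
"""Flag TLS handshakes tunnelled inside WebSocket frames (nested-TLS C2 heuristic).

Added example. Assumes a TLS-terminating inspection proxy exposes the raw
client-to-server WebSocket byte stream; all sample traffic below is constructed.
"""
import struct
from typing import List, Tuple

TLS_HANDSHAKE = 0x16          # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01       # handshake message type: ClientHello
TLS_RECORD_VERSIONS = {0x0301, 0x0302, 0x0303, 0x0304}  # record-layer versions seen on the wire

WS_OP_TEXT = 0x1
WS_OP_BINARY = 0x2


def parse_ws_frame(data: bytes, offset: int = 0) -> Tuple[int, bytes, int]:
    """Parse one WebSocket frame (RFC 6455) at `offset`; return (opcode, unmasked payload, next offset)."""
    if len(data) - offset < 2:
        raise ValueError("truncated frame header")
    b0, b1 = data[offset], data[offset + 1]
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    pos = offset + 2
    if length == 126:                     # 16-bit extended length
        (length,) = struct.unpack_from(">H", data, pos)
        pos += 2
    elif length == 127:                   # 64-bit extended length
        (length,) = struct.unpack_from(">Q", data, pos)
        pos += 8
    mask = b""
    if masked:                            # client frames carry a 4-byte masking key
        mask = data[pos:pos + 4]
        pos += 4
    payload = data[pos:pos + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if masked:
        payload = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return opcode, payload, pos + length


def is_tls_client_hello(payload: bytes) -> bool:
    """True if the payload starts with a TLS handshake record whose first message is a ClientHello."""
    if len(payload) < 6:
        return False
    version = struct.unpack_from(">H", payload, 1)[0]
    rec_len = struct.unpack_from(">H", payload, 3)[0]
    return (payload[0] == TLS_HANDSHAKE and version in TLS_RECORD_VERSIONS
            and rec_len >= 4 and payload[5] == TLS_CLIENT_HELLO)


def scan_ws_stream(data: bytes) -> List[int]:
    """Walk a client-to-server WebSocket stream; return indexes of binary frames that open a TLS handshake."""
    alerts, offset, index = [], 0, 0
    while offset < len(data):
        opcode, payload, offset = parse_ws_frame(data, offset)
        if opcode == WS_OP_BINARY and is_tls_client_hello(payload):
            alerts.append(index)
        index += 1
    return alerts


# --- constructed sample traffic (hypothetical, not captured from any real sample) ---

def build_ws_frame(opcode: int, payload: bytes, mask: bytes = b"\x01\x02\x03\x04") -> bytes:
    """Build one masked client-to-server frame (clients must mask per RFC 6455)."""
    header = bytes([0x80 | opcode])       # FIN set, single-frame message
    n = len(payload)
    if n < 126:
        header += bytes([0x80 | n])
    elif n < 0x10000:
        header += bytes([0x80 | 126]) + struct.pack(">H", n)
    else:
        header += bytes([0x80 | 127]) + struct.pack(">Q", n)
    masked = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return header + mask + masked


def build_fake_client_hello() -> bytes:
    """Minimal, syntactically plausible TLS 1.2 ClientHello record (constructed)."""
    body = (b"\x03\x03" + b"\x11" * 32      # client_version, 32-byte random
            + b"\x00"                        # session_id length 0
            + b"\x00\x02\x13\x01"            # one cipher suite
            + b"\x01\x00"                    # compression methods: null
            + b"\x00\x00")                   # no extensions
    handshake = bytes([TLS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + len(handshake).to_bytes(2, "big") + handshake


SAMPLE_STREAM = (
    build_ws_frame(WS_OP_TEXT, b'{"type":"ping"}')                           # frame 0: ordinary app chatter
    + build_ws_frame(WS_OP_BINARY, build_fake_client_hello())                # frame 1: TLS handshake inside WS
    + build_ws_frame(WS_OP_BINARY, b"\x89PNG\r\n\x1a\n" + b"\x00" * 20)      # frame 2: benign binary blob
)

if __name__ == "__main__":
    print("frames with nested TLS ClientHello:", scan_ws_stream(SAMPLE_STREAM))  # [1]
```

A single hit is a lead, not a verdict: some legitimate products also tunnel TLS over WebSockets, so the alert is best joined with the destination's reputation, the process that opened the socket, and the DNS-over-HTTPS usage the advisory also describes before escalating.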
Read at IT Pro