BrickStorm Strikes Back: New Windows Variants Threaten Security in 2024
BrickStorm backdoor variants are now targeting Windows environments, NVISO warns. The Chinese APT UNC5221 exploited zero-day vulnerabilities in Ivanti Connect Secure VPN to hack MITRE. While the Windows variants lack a command-execution capability, they provide network tunneling and are paired with stolen credentials to carry out attacks. Industries must strengthen their security posture to counter these persistent adversaries.

Hot Take:
BrickStorm is back, baby! The hackers have decided to ring in the New Year with a bang, taking a play straight out of the hacker’s guidebook by using their trusty backdoor technique to crash MITRE’s party. New year, new exploits, same old cyber chaos. Maybe it’s time to treat cyber threats like a gym membership – always active, always lurking, and somehow always one step ahead of you.
Key Points:
- UNC5221, a Chinese APT, exploited zero-day vulnerabilities in Ivanti Connect Secure VPN to infiltrate MITRE.
- BrickStorm backdoor now has Windows variants targeting European organizations.
- The backdoor uses DNS over HTTPS to conceal command-and-control server communications.
- Public cloud services are being exploited to hide the hackers’ infrastructure.
- NVISO stresses the importance of upgrading security measures against such persistent threats.
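The DNS-over-HTTPS point above is the one most defenders can act on: a backdoor that resolves its command-and-control server through a public DoH endpoint never produces a plain-text DNS query on the network, so classic DNS logging sees nothing. What remains visible on the endpoint is the HTTPS connection itself, and the process that opened it. The following script is an added example (not NVISO's tooling and not derived from the BrickStorm analysis) that flags TLS connections to well-known public DoH resolvers made by processes that are not browsers. The resolver list, the process allow-list, the CSV event format and the sample events are all assumptions constructed for the example.

```python
"""Flag DNS-over-HTTPS use by non-browser processes in endpoint network events.

Added example: illustration code only, not NVISO's detection logic and not
taken from the BrickStorm reporting. Resolver list, browser allow-list and the
CSV event format are assumptions made for this example.
"""
import csv
import io
from collections import Counter
from dataclasses import dataclass

# Well-known public DoH resolver hostnames and addresses (assumption: this list
# is representative, not exhaustive; extend it with the resolvers your
# environment actually sees).
DOH_RESOLVER_HOSTS = {
    "dns.google",
    "cloudflare-dns.com",
    "mozilla.cloudflare-dns.com",
    "dns.quad9.net",
    "doh.opendns.com",
}
DOH_RESOLVER_IPS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Processes for which DoH to a public resolver is expected and suppressed.
BROWSER_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample of endpoint network events (not real telemetry).
# Columns: timestamp, host, process image, destination IP, port, TLS SNI.
SAMPLE_EVENTS = """ts,host,process,dst_ip,dport,sni
2024-01-08T09:00:01Z,WS01,chrome.exe,1.1.1.1,443,cloudflare-dns.com
2024-01-08T09:00:05Z,WS01,updater.exe,8.8.8.8,443,dns.google
2024-01-08T09:00:09Z,WS01,updater.exe,8.8.8.8,443,dns.google
2024-01-08T09:01:00Z,WS02,outlook.exe,203.0.113.10,443,updates.example.com
2024-01-08T09:02:00Z,WS02,svc.exe,1.0.0.1,443,
"""


@dataclass
class Finding:
    ts: str
    host: str
    process: str
    destination: str
    reason: str


def parse_events(text):
    """Parse the CSV event export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def is_doh_destination(event):
    """True if the event is an HTTPS connection to a known public DoH resolver.

    The SNI check catches the normal case; the bare-IP check catches clients
    that connect without SNI (the SNI column is empty in the export).
    """
    if event["dport"] != "443":
        return False
    sni = event["sni"].strip().lower()
    if sni in DOH_RESOLVER_HOSTS:
        return True
    return sni == "" and event["dst_ip"] in DOH_RESOLVER_IPS


def detect_doh_from_non_browsers(events):
    """Return one Finding per DoH connection opened by a non-browser process."""
    findings = []
    for e in events:
        if not is_doh_destination(e):
            continue
        proc = e["process"].lower()
        if proc in BROWSER_PROCESSES:
            continue  # browsers use DoH legitimately; keep the signal clean
        dest = e["sni"] or e["dst_ip"]
        findings.append(
            Finding(e["ts"], e["host"], proc, dest,
                    "non-browser process connected to a public DoH resolver")
        )
    return findings


def summarize(findings):
    """Count findings per (host, process) so repeated use stands out."""
    return Counter((f.host, f.process) for f in findings)


if __name__ == "__main__":
    hits = detect_doh_from_non_browsers(parse_events(SAMPLE_EVENTS))
    for f in hits:
        print(f"{f.ts} {f.host} {f.process} -> {f.destination}: {f.reason}")
    for (host, proc), n in summarize(hits).items():
        print(f"{host} {proc}: {n} DoH connection(s)")
```

Running it on the constructed sample reports the two `updater.exe` connections to `dns.google` and the SNI-less `svc.exe` connection to `1.0.0.1`, and leaves the browser's DoH traffic alone. In a real deployment the resolver list should be maintained centrally, the process allow-list tuned to the software actually present, and a per-process count like the one from `summarize` fed into alerting so that a single stray connection is not treated the same as sustained use.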