Image of CCP hacker intrusion. (Image generated by Grok AI)
[People News] The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Security Agency (NSA), and the Canadian Centre for Cyber Security (CCCS) jointly issued a warning and analytical report on BRICKSTORM on Thursday (December 4). The report details how CCP-government-backed hackers are conducting broad operations and using this malware to carry out long-term, persistent intrusions into victims’ network systems.
According to a Voice of America report, the U.S. Cybersecurity and Infrastructure Security Agency said in a statement Thursday that the agency “has become aware that hackers supported by the People’s Republic of China (PRC) are using BRICKSTORM malware to continuously infiltrate victim systems to achieve long-term persistence. BRICKSTORM is a complex backdoor targeting VMware vSphere and Windows environments. The affected organizations are primarily concentrated in the government facilities and information technology sectors.”
The statement gave an example, saying that in one confirmed intrusion incident, CCP-government-backed hackers accessed a network server inside an organization’s demilitarized zone (DMZ), moved laterally to an internal VMware vCenter server, and then implanted the BRICKSTORM malware.
The U.S. Cybersecurity and Infrastructure Security Agency also said: “After gaining access to the victim’s systems, PRC-government-supported cyber actors obtain and use valid credentials by performing system backups or capturing Active Directory database information, thereby stealing sensitive information. The cyber actors then target the VMware vSphere platform, steal cloned virtual machine (VM) snapshots to extract credentials, and create hidden malicious virtual machines to evade detection.”
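The statement above describes two vSphere-side behaviours a defender can look for: snapshots or clones taken of credential-bearing VMs (such as domain controllers) that are then cleaned up, and VMs that exist but are kept out of the normal inventory. The following Python script is an added illustration of such checks and is not code from the advisory or from the agencies named here. It assumes a simplified event-log format (timestamp, user, event, target) and assumes that a "hidden" VM might show up in an ESXi host's own inventory but not in vCenter's; the advisory as reported on this page does not say how the VMs are hidden, so that reconciliation check is an assumption. All sample inventory data and log lines are constructed.

```python
"""Added example: two defender-side checks for the vSphere behaviours described
in the advisory. Inventory data and event lines below are constructed samples."""
from datetime import datetime, timedelta

# Constructed sample: the VM inventory vCenter reports.
VCENTER_INVENTORY = {"dc01", "fileserver", "web-dmz-01"}

# Constructed sample: what each ESXi host reports when queried directly
# (assumption: a VM registered on a host but unknown to vCenter is suspicious).
HOST_INVENTORY = {
    "esxi-01": {"dc01", "fileserver"},
    "esxi-02": {"web-dmz-01", "svc-maint"},   # svc-maint is absent from vCenter
}

# Constructed sample events in a simplified "timestamp user event target [-> new]" form.
# Event names follow the vSphere naming style but the lines themselves are made up.
SAMPLE_EVENTS = """\
2025-12-01T02:14:07Z svc_backup VmCreateSnapshotEvent dc01
2025-12-01T02:15:30Z svc_backup VmClonedEvent dc01 -> dc01-clone
2025-12-01T09:00:00Z admin VmPoweredOnEvent fileserver
2025-12-01T02:20:11Z svc_backup VmRemovedEvent dc01-clone
"""

# VMs whose disks hold credential material (e.g. the AD database on a DC).
SENSITIVE_VMS = {"dc01"}
CAPTURE_EVENTS = {"VmCreateSnapshotEvent", "VmClonedEvent"}


def parse_events(log_text):
    """Parse the simplified log into (timestamp, user, event, target, new_name) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or blank lines rather than crash
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        user, event, target = parts[1], parts[2], parts[3]
        new_name = parts[5] if len(parts) >= 6 and parts[4] == "->" else None
        events.append((ts, user, event, target, new_name))
    return sorted(events)  # order by timestamp so later checks can scan forward


def find_unregistered_vms(vcenter, hosts):
    """Return {host: set_of_vms} for VMs a host reports that vCenter does not list."""
    return {h: vms - vcenter for h, vms in hosts.items() if vms - vcenter}


def flag_sensitive_vm_capture(events, sensitive_vms):
    """Return snapshot/clone events whose target is a credential-bearing VM."""
    return [(ts, user, event, target)
            for ts, user, event, target, _ in events
            if event in CAPTURE_EVENTS and target in sensitive_vms]


def short_lived_clones(events, max_age=timedelta(hours=1)):
    """Pair each clone with a later removal of the clone within max_age.

    A clone of a sensitive VM that is deleted minutes later is consistent with
    'copy disk, extract secrets, clean up' and is worth an analyst's attention.
    Returns (clone_name, source_vm, user, lifetime_seconds) tuples.
    """
    findings = []
    for i, (ts, user, event, source, clone_name) in enumerate(events):
        if event != "VmClonedEvent" or clone_name is None:
            continue
        for ts2, _, event2, target2, _ in events[i + 1:]:
            if event2 == "VmRemovedEvent" and target2 == clone_name:
                if ts2 - ts <= max_age:
                    findings.append((clone_name, source, user, (ts2 - ts).total_seconds()))
                break  # only the first removal of this clone matters
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("VMs on hosts but not in vCenter:", find_unregistered_vms(VCENTER_INVENTORY, HOST_INVENTORY))
    print("Snapshot/clone of sensitive VMs:", flag_sensitive_vm_capture(evs, SENSITIVE_VMS))
    print("Clones removed shortly after creation:", short_lived_clones(evs))
```

In a real environment the inventory sets would come from the vCenter and per-host management APIs and the events from vCenter's event log; the thresholds (one hour, the sensitive-VM list) are tuning choices, and a snapshot by a backup account at an unusual hour is a lead to investigate, not proof of compromise on its own.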
The U.S. and Canadian cybersecurity agencies did not disclose the names of the specific victim organizations in their report but noted that they were all “government and critical infrastructure organizations.”
The U.S. government states that in recent years, hackers linked to the CCP government have carried out attacks on a range of U.S. and other countries’ telecommunications companies, network service providers, and other sensitive targets.
In a statement Thursday, the U.S. National Security Agency encouraged organizations—“especially those within the critical infrastructure, government services and facilities, and information technology sectors”—to use the “indicators of compromise” (IOC) and detection characteristics listed in the analytical report to detect BRICKSTORM backdoor activity. The agency urged organizations that detect BRICKSTORM, similar malware, or potentially related activity to immediately report the intrusion incident.