Brickstorm Malware Hits US Critical Systems, CISA Warns


Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring

Chris Riotta (@chrisriotta) • December 4, 2025

Chinese state-sponsored hackers are deploying a stealthy backdoor across critical infrastructure environments, the U.S. federal government warned in a missive detailing how the Brickstorm malware enables long-term persistence inside VMware vCenter servers and Windows systems.

Nation-state threat actors have used Brickstorm to steal cryptographic keys and clone virtual machine snapshots as part of an effort to harvest credentials. The malware uses multiple layers of encryption for command-and-control, including DNS over HTTPS, and can reinstall itself if disrupted, officials said.

The Cybersecurity and Infrastructure Security Agency, National Security Agency and the Canadian Centre for Cyber Security advised operators Thursday to assess their environments and report any suspicious activity to the cyber defense agency. CISA said it analyzed eight Brickstorm samples obtained from ...


Copyright of this story solely belongs to bankinfosecurity.