{"id":8177,"date":"2025-12-04T16:19:17","date_gmt":"2025-12-04T22:19:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87033"},"modified":"2025-12-04T16:19:17","modified_gmt":"2025-12-04T22:19:17","slug":"officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/12\/04\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware\/","title":{"rendered":"Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware | CyberScoop<\/title> <meta name=\"description\" content=\"The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that\u2019s just what\u2019s been uncovered in the last four months.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/china-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware\"> <meta property=\"og:description\" content=\"The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. 
And that\u2019s just what\u2019s been uncovered in the last four months.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/china-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-12-04T22:19:17+00:00\"> <meta property=\"article:modified_time\" content=\"2025-12-04T23:24:46+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg\"> <meta property=\"og:image:width\" content=\"2119\"> <meta property=\"og:image:height\" content=\"1414\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. 
--> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1764717474g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1761324897g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1763439630g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87033\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87033\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchina-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchina-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87033 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/china-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" 
fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"27.042253521127\">\n<div class=\"single-article__header-content\" readability=\"37.598308668076\">\n<p> The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that\u2019s just what\u2019s been uncovered in the last four months. <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87033\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
<\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware.jpg?resize=640%2C427&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"The Great Wall of China\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg 2119w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=1536,1025 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=2048,1367 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=252,168 252w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-2.jpg?resize=1263,843 1263w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> The Great Wall of China <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"65.750765931373\"><body readability=\"135.36107834878\"><\/p>\n<p>Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously <a href=\"https:\/\/cyberscoop.com\/chinese-cyberespionage-campaign-brickstorm-mandiant-google\/\">warned about in September<\/a>. 
The outlook based on their limited visibility into China\u2019s sustained ability to burrow into critical infrastructure and government agency networks undetected, dating back to at least 2022, is grim.<\/p>\n<p>\u201cState-sponsored actors are not just infiltrating networks, they are embedding themselves to enable long-term access, disruptions and potential sabotage,\u201d Nick Andersen, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said during a media briefing.<\/p>\n<p>Brickstorm, a backdoor which Andersen described as a \u201cterribly sophisticated piece of malware,\u201d has allowed the attackers to achieve persistent access with an average duration of 393 days to support immediate data theft and follow-on pivots to other malicious activity, Austin Larsen, principal analyst at Google Threat Intelligence Group, told CyberScoop.<\/p>\n<p>\u201cWe believe dozens of organizations in the United States have been impacted by Brickstorm, not including downstream victims,\u201d Larsen said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>CISA, the National Security Agency and the Canadian Centre for Cyber Security released an <a href=\"https:\/\/www.cisa.gov\/news-events\/analysis-reports\/ar25-338a\">analysis report on Brickstorm<\/a>, which targets VMware vSphere and Windows environments to conceal activity, achieve lateral movement and tunnel into victim networks while also automatically reinstalling or restarting the malware if disrupted. 
CISA provided indicators of compromise based on eight Brickstorm samples it obtained from victim organizations.<\/p>\n<p>China state-sponsored attackers are primarily implanting Brickstorm into the networks of organizations in government, IT and legal services, and targeting edge devices, software as a service providers and business process outsourcers to gain access to downstream targets, according to officials and researchers.<\/p>\n<p>Andersen declined to say how many government agencies have been impacted or the type of data stolen, but the scope of assumed impact is far greater than what\u2019s been uncovered to date. \u201cI think it\u2019s a logical conclusion to assume that there are additional victims out there that we have not yet had the opportunity to communicate with,\u201d he said.<\/p>\n<p>CrowdStrike, which attributes the attacks to <a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/warp-panda-cloud-threats\/\">Warp Panda<\/a>, and GTIG, which attributes the activity to <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/brickstorm-espionage-campaign\">UNC5221<\/a>, both said the Brickstorm campaign goes back to at least 2022. Yet, the intrusions involving Brickstorm weren\u2019t detected until last summer.<\/p>\n<p>\u201cTheir infrastructure expansion, evolution of their tooling, and continued ability to exploit cloud misconfigurations all point to a campaign that remains highly active,\u201d said Adam Meyers, senior vice president of counter adversary operations at CrowdStrike.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>CrowdStrike said it also observed Warp Panda deploy two previously unobserved implants called Junction and GuestConduit. 
All of the malware is written in Golang.&nbsp;<\/p>\n<p>The threat group has stolen configuration data, identity metadata, documents and emails on topics that align with China\u2019s government interest, Meyers said.<\/p>\n<p>\u201cWhile we haven\u2019t observed destructive follow-on actions, the intelligence value alone is significant. Access to this kind of cloud-resident data gives a state actor the ability to map infrastructure, study dependencies, and position themselves for future operations,\u201d he added. \u201cThat\u2019s what makes this campaign so dangerous, it\u2019s espionage with strategic depth.\u201d<\/p>\n<p>CISA provided details about a 2024 attack on an unnamed organization\u2019s internal network as an example of the threat group\u2019s operations, but much remains unknown. Authorities still don\u2019t know key details about how attackers obtained initial access in that incident, when the webshell was implanted or how they obtained credentials for a second account to move laterally to a domain controller using remote desktop protocol.<\/p>\n<p>Attackers involved in that incident copied the organization\u2019s Active Directory database, obtained credentials for a managed service provider account and used those credentials to move from the internal domain controller to the VMware vCenter server. 
Officials said the attackers also jumped multiple servers to steal cryptographic keys and elevated privileges, which allowed them to deploy Brickstorm malware in the server\u2019s directory.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The attacks revive and amplify enduring concerns about China\u2019s cyberespionage activity, mirroring other campaigns with similar objectives based on living-off-the-land techniques attributed to other prominent China state-sponsored threat groups.<\/p>\n<p>\u201cCompared to past China-nexus efforts, this campaign represents an evolution of tradecraft,\u201d Meyers said. \u201cIt shows a deep understanding of multi-cloud environments and the identity fabrics that tie them together.\u201d<\/p>\n<p>A sustained lack of insight into China\u2019s already achieved goals and what these persistent backdoors might ultimately allow attackers to accomplish down the line is startling.<\/p>\n<p>The Brickstorm campaign effectively blends objectives spanning espionage, intellectual property theft and persistent access that attackers could use for follow-on malicious activity, Larsen said.<\/p>\n<p>The nation-state attackers are also remarkably stealthy, exploiting gaps in networks where detection tools can\u2019t be deployed and prioritizing the compromise of perimeter and remote access infrastructure where log retention is often insufficient to determine the initial access vector, he added.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIdentifying this activity is exceptionally difficult because it targets appliances and edge devices that are often poorly inventoried and unmonitored,\u201d Larsen said. 
\u201cThis level of operational security and the focus on \u2018unmanageable\u2019 devices places it among some of the most evasive nation-state activities we track.\u201d<\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.0481418918919\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/12\/officials-warn-about-expansive-ongoing-china-espionage-threat-riding-on-brickstorm-malware-1.jpg?w=640&#038;ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/china-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Officials warn about expansive, ongoing China espionage threat riding on<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2795,5075,271,1209,2350,78,452,293,3729,117,646,256,288,2587,212],"tags":[2799,5078,277,668,2354,86,454,299,3731,119,650,262,294,2588,214],"class_list":["post-8177","post","type-post","status-publish","format-standard","hentry","category-active-directory","category-brickstorm","category-china","category-cisa","category-crowdstrike","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-homeland-security-dhs","category-google-threat-intelligence-group","category-government","category-mandiant","category-research","category-threats","category-vmware","category-windows","tag-active-directory","tag-brickstorm","tag-china","tag-cisa","tag-crowdstrike","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-homeland-security-dhs","tag-google-threat-intelligence-group","tag-government","tag-mandiant","tag-research","tag-threats","tag-vmware","tag-windows"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/active-directory\/\" rel=\"category tag\">Active Directory<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/brickstorm\/\" rel=\"category tag\">Brickstorm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crowdstrike\/\" rel=\"category tag\">CrowdStrike<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vmware\/\" rel=\"category tag\">vmware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/windows\/\" rel=\"category 
tag\">Windows<\/a>","tag_info":"Windows","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8177"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8177\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}