What happened
CISA reported that Chinese state-linked hackers are deploying new BrickStorm malware to compromise unpatched VMware servers and maintain persistent access.
Who is affected
Organizations running exposed or outdated VMware systems that support critical workloads.
Why CISOs should care
BrickStorm allows long-term access inside virtualized environments, which raises the risk of data theft, lateral movement, and operational disruption.
3 practical actions
-
Patch vulnerable VMware servers and secure any exposed management interfaces.
-
Hunt for indicators of compromise tied to BrickStorm and watch for unusual activity in virtual machine environments.
-
Segment networks to limit access to critical systems if attackers gain entry.