China-Linked Hackers Target US and Canadian Government Networks with ‘Brickstorm’ malware
A joint warning from US and Canadian cybersecurity authorities has revealed a series of complex hacking attacks attributed to China, targeting government and IT infrastructure with the intent of establishing long-term access to sensitive networks. The attacks utilize a malware strain dubbed ‘Brickstorm,’ enabling persistent infiltration and potential disruption of critical systems.
Escalating Cyber Threat Landscape
The cybersecurity agencies highlighted the escalating threat posed by Chinese state-sponsored actors, who, according to a senior official, are actively infiltrating networks “to enable long-term access, disruption and potential sabotage.” The ‘Brickstorm’ malware has been deployed against a range of government services and IT entities, allowing attackers to steal login credentials and other sensitive data and, in effect, to take control of compromised systems.
One particularly concerning instance involved a company breached in April 2024, with attackers maintaining access for over a year, until at least September 3, 2025. This demonstrates the malware’s capability to establish and maintain a persistent foothold within targeted networks.
Technical Details of the ‘Brickstorm’ Malware
Analysis of eight ‘Brickstorm’ samples obtained from affected organizations reveals the malware’s sophisticated nature. A deputy director of cybersecurity at CISA nevertheless declined to disclose the total number of government organizations impacted or the full scope of the hackers’ activities.
The hackers are specifically targeting VMware vSphere, a virtualization product from Broadcom used for creating and managing virtual machines. Broadcom has urged customers to apply available software patches promptly and to reinforce their operational security practices.
China Denies Allegations
The Chinese embassy in Washington swiftly rejected the accusations. A spokesperson, Liu Pengyu, stated that the Chinese government “does not encourage, support or tolerate cyberattacks,” and dismissed the claims as irresponsible, emphasizing that no inquiry had been made by the agencies and no factual evidence had been presented.
Implications and Ongoing Response
The attacks underscore the growing sophistication and persistence of state-sponsored cyber threats. The ability to maintain access for extended periods, as demonstrated in the April 2024 breach, poses a significant risk to national security and critical infrastructure.
While the full extent of the damage remains unclear, cybersecurity experts emphasize the importance of proactive threat detection, robust security measures, and international cooperation to mitigate the risk of future attacks.
The incident serves as a stark reminder of the constant need for vigilance in the face of evolving cyber threats and the critical role of collaboration between governments and the private sector in defending against them.
A breakdown of the “Why, Who, What, and How” of the incident:
Why: The attacks were motivated by a desire to establish long-term access to sensitive networks for potential disruption and sabotage, according to US cybersecurity officials. The goal appears to be espionage and the potential to compromise critical infrastructure.
Who: The attacks are attributed to China-linked hackers, specifically state-sponsored actors. The Chinese government denies any involvement, claiming they do not support cyberattacks. The US and Canada’s cybersecurity agencies jointly issued the warning. Broadcom, the maker of VMware vSphere, is also involved in the response, urging customers to patch vulnerabilities.
What: A series of sophisticated hacking attacks utilizing malware dubbed ‘Brickstorm’ targeted US and Canadian government
