BrickStorm is a highly stealthy Linux backdoor designed for long-term, targeted cyber-espionage. Brickstorm is closely associated with Cyber Espionage group UNC5221, which is known for exploiting zero-days vulnerability in network edge appliances like Ivanti, F5 and MiTRE breach. Unlike commodity malware, BrickStorm is deployed post-compromise, operates largely in memory, and uses a modular architecture with custom encrypted command-and-control (C2). Its focus on Linux servers, network appliances, and embedded systems reflects a broader trend: attackers increasingly target infrastructure layers where visibility and detection are weakest.
Cyber criminal organization based out of Russia known as RomCom have been very active lately targeting Ukraine and its military. The threat actors were targeting European government officials with phishing emails containing lure documents around the current political situation.
Subscribe to the Versa Blog
Trial
ROI
Contact