
    BRICKSTORM Malware: A New Threat from State-Sponsored Actors

    Saturday, December 20, 2025

    On December 20, 2025, the cybersecurity community is on alert following a joint advisory from CISA, the NSA, and the Canadian Centre for Cyber Security on BRICKSTORM, a backdoor attributed to Chinese state-sponsored actors. BRICKSTORM primarily targets VMware vSphere and Windows environments, with a focus on government and IT-sector organizations. The operators have maintained undetected access for up to 17 months, wrapping command-and-control traffic in multiple layers of encryption and tunneling it over DNS-over-HTTPS (DoH) so that it blends into ordinary HTTPS rather than showing up as DNS. The practical consequence for defenders is that port-53 DNS logging will not reveal BRICKSTORM's name resolution; detection has to come from TLS metadata, egress controls on the virtualization management plane, and the indicators published in the advisory. Organizations running vSphere should treat vCenter and ESXi hosts as high-value targets, restrict their outbound connectivity to what they actually need, and review them against the advisory's hunting guidance.
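    The DoH concealment described above gives defenders one concrete hunting rule: a vCenter or ESXi appliance should resolve names through the corporate resolver on port 53, so a TLS session from such a host to a public DoH resolver, or an HTTP request to a /dns-query path, deserves a look. The script below is an added example and is not code from the advisory or from any vendor; the flow records, the resolver list, and the host-role tags are constructed assumptions, and the heuristic is deliberately scoped to appliances because browsers on workstations use DoH legitimately.

```python
"""Flag DNS-over-HTTPS egress from virtualization appliances.

Added example, not from the CISA/NSA advisory. The input format is a
constructed key=value flow record; adapt parse_line() to your own telemetry.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Assumption: a starting list of public DoH resolver hostnames. Extend it with
# whatever your own egress telemetry shows.
DOH_RESOLVER_HOSTS = {
    "dns.google",
    "cloudflare-dns.com",
    "one.one.one.one",
    "dns.quad9.net",
    "doh.opendns.com",
}

# Assumption: hosts tagged with these roles should never speak DoH directly.
APPLIANCE_ROLES = {"vcenter", "esxi", "nsx"}


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    reason: str


def parse_line(line: str) -> dict[str, str]:
    """Parse one constructed 'key=value key=value' flow record into a dict.

    Only the first '=' in each token separates key from value, so a path such
    as /dns-query?dns=... survives intact.
    """
    fields: dict[str, str] = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def check_record(rec: dict[str, str]) -> Alert | None:
    """Return an Alert if the record looks like DoH coming from an appliance."""
    if rec.get("role", "") not in APPLIANCE_ROLES:
        return None  # workstations and browsers may use DoH legitimately
    if rec.get("proto") != "tls" and rec.get("dport") != "443":
        return None  # plain port-53 DNS is the expected behaviour
    sni = rec.get("sni", "").lower()
    path = rec.get("path", "")
    if sni in DOH_RESOLVER_HOSTS:
        return Alert(rec["src"], rec["dst"], f"TLS to public DoH resolver {sni}")
    if path.startswith("/dns-query"):
        # A self-hosted or CDN-fronted DoH endpoint will not be on the resolver
        # list, but the RFC 8484 path is still a giveaway.
        return Alert(rec["src"], rec["dst"], f"HTTP request to {path} (DoH path)")
    return None


def scan(lines: Iterable[str]) -> list[Alert]:
    """Run check_record over every non-empty line and collect the alerts."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        alert = check_record(parse_line(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry: one normal DNS lookup, two suspicious DoH
# sessions from appliances, and one benign DoH session from a workstation.
SAMPLE_FLOWS = """
ts=2025-12-20T03:14:07Z src=10.0.5.10 role=vcenter dst=10.0.1.53 dport=53 proto=udp
ts=2025-12-20T03:14:09Z src=10.0.5.10 role=vcenter dst=8.8.8.8 dport=443 proto=tls sni=dns.google
ts=2025-12-20T03:15:02Z src=10.0.5.11 role=esxi dst=203.0.113.40 dport=443 proto=tls sni=cdn.example.net path=/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB
ts=2025-12-20T03:16:44Z src=10.0.9.22 role=workstation dst=1.1.1.1 dport=443 proto=tls sni=cloudflare-dns.com
""".strip().splitlines()


if __name__ == "__main__":
    for alert in scan(SAMPLE_FLOWS):
        print(f"{alert.src} -> {alert.dst}: {alert.reason}")
```

On the constructed sample this reports the vCenter session to dns.google and the ESXi request to a /dns-query path, and stays silent on the workstation's Cloudflare DoH session and on ordinary port-53 traffic. The role tag is doing the real work: the same two signals fire constantly on user endpoints, which is why a DoH rule is only useful when it is scoped to hosts that have no business using it.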

    Also In Security Today

    • 700Credit API Breach: A breach at 700Credit exposed the personal information of more than 5.6 million individuals through a vulnerable API connection. The exposed data included names and Social Security numbers; affected individuals and authorities have been notified.
    • Critical Vulnerability in React Server Components: CVE-2025-55182, a remote code execution flaw in Meta's React framework, carries a CVSS score of 10.0. It allows arbitrary code execution on servers running affected React Server Components, so any site using them needs an immediate upgrade.
    • Cisco Zero-Day Vulnerability: Cisco has disclosed a zero-day in its IOS XE software that APT actors are actively exploiting. The flaw allows unauthenticated remote code execution on enterprise routers; patch deployment is urgent, and exposed devices should be checked for signs of prior compromise rather than assumed clean once patched.
    • Gentlemen Ransomware: The emerging Gentlemen ransomware targets enterprise networks with a double-extortion model, exfiltrating sensitive data before encrypting it so that victims face a leak even if they can restore from backups.

    Analyst's Take

    Today's news highlights the persistence of state-sponsored operators like those behind BRICKSTORM, who hide in virtualization infrastructure such as vSphere for over a year at a time. Organizations should extend their threat detection and incident response capabilities to the virtualization and network management planes, not just end-user endpoints. The React RCE and the Cisco IOS XE zero-day show why timely patch management and regular security audits of widely used and internet-facing components matter. Defenders should also plan for double-extortion ransomware: reliable backups limit the damage from encryption, but only data protection controls and early detection of exfiltration limit the damage from a leak. Employee training to recognize potential threats early remains part of that picture.
