8.5 CRITICAL

Chinese APT deploys new malware to keep access to hacked networks

📅 5 June 2026 at 18:09 UTC | 📰 Bleeping Computer

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

A Chinese APT group, tracked as UNC5221 (VerdantBamboo), deployed new malware to maintain access to hacked networks, compromising targets in the United States for over a year before detection.

⚙️ Technical Details
Affected Systems
Microsoft 365 environments, Egnyte Storage Sync system, pfSense firewall, Synology NAS device, retired Linux GroupWise email archive server
Attack Vectors
Brickstorm backdoor, Plenet backdoor, AgentPSD reverse shell utility
💥 Impact Assessment
Severity: high
Who Is at Risk
Legal services, software-as-a-service providers, business process outsourcers, and technology companies
🛡️ Recommended Actions
1. Implement conditional access policies to prevent unauthorized access to Microsoft 365 environments
2. Monitor for suspicious activity on Egnyte Storage Sync systems and pfSense firewalls
3. Regularly update and patch VMware vSphere servers and Dell RecoverPoint for Virtual Machines
📦 Affected Products
Microsoft 365, Egnyte Storage Sync, pfSense firewall, Synology NAS device


This is a curated summary. The complete article is available at Bleeping Computer.
