New Windows Variant of Brickstorm Malware Targets Intellectual Property Theft, Warns Nviso
April 16, 2025
The espionage activities of UNC5221 align with China's national strategy to enhance economic strength by targeting the intellectual property of Western firms.
The malware is designed to operate stealthily inside a company's IT infrastructure, giving the attackers access to sensitive data such as research and military-related intelligence without raising alarms.
Nviso, a European cybersecurity firm, has identified a new Windows variant of the Brickstorm backdoor and linked it to the Chinese espionage group UNC5221, the actor previously tied to the MITRE breach.
Unlike ransomware, which announces itself, Brickstorm is built for quiet, long-term theft of confidential data, relying on careful infiltration and evasion techniques to stay undetected.
Nviso recommends that organizations block public DNS over HTTPS (DoH) resolvers at the network edge and review their TLS inspection coverage, since the backdoor relies on DoH and encrypted tunnels to hide its command-and-control traffic from conventional DNS and proxy monitoring.
This Windows version of Brickstorm uses network tunneling together with valid (stolen) credentials to reach internal services over Remote Desktop Protocol (RDP) and Server Message Block (SMB); it does not exploit flaws in those protocols, it simply uses them as a legitimate user would. The originally documented Brickstorm targeted Linux-based VMware vCenter appliances.
Notably, the Windows variant has no built-in command execution capability. Nviso suggests this was deliberately left out so the implant avoids the process-creation behavior that endpoint products key on, with tunneled RDP and SMB sessions filling the gap.
The backdoor's command-and-control infrastructure is hidden behind shared, distributed IP addresses, so blocking or attributing it by IP is unreliable; this has helped the operators keep access for long periods without detection.
The firm urges all companies to review Nviso's findings promptly and check their own environments for the described activity.
Nviso stresses continuous security auditing and improvement, especially for industries of strategic interest to the People's Republic of China.
Overall, the findings underline the persistent threat posed by Brickstorm and the discipline of UNC5221's tradecraft: the group has kept the same infrastructure running for years, so organizations in at-risk industries should tighten their defenses and audit them regularly.
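As an added illustration of the DoH recommendation above (example code written for this page, not Nviso's tooling or anything from the report), the following Python script flags likely DoH traffic in web-proxy logs. It assumes a simplified, constructed six-field log format and an illustrative list of public DoH resolver hostnames; real proxy formats and block lists differ.

```python
"""Flag DNS-over-HTTPS (DoH) requests in web-proxy logs.

Added example, not Nviso's code. Assumed (constructed) log format, one
request per line:
    <timestamp> <client_ip> <method> <url> <content_type> <status>
Real proxy logs (Squid, Zscaler, Blue Coat, ...) use other layouts; adapt
parse_line() accordingly.
"""
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Illustrative, not exhaustive: public DoH endpoints of Cloudflare, Google
# and Quad9. Extend with whatever your egress policy is meant to block.
KNOWN_DOH_HOSTS = {
    "cloudflare-dns.com",
    "mozilla.cloudflare-dns.com",
    "dns.google",
    "dns.quad9.net",
}

# RFC 8484: DoH uses the application/dns-message media type and, by
# convention, a /dns-query endpoint (GET with ?dns=<base64url> or POST).
DOH_MEDIA_TYPE = "application/dns-message"
DOH_PATH = "/dns-query"


@dataclass(frozen=True)
class DohHit:
    ts: str
    client: str
    host: str
    reason: str


def parse_line(line):
    """Split one constructed log line into its six fields; None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, ctype, status = parts
    return {"ts": ts, "client": client, "method": method,
            "url": url, "ctype": ctype, "status": status}


def classify(rec, tls_inspected=True):
    """Return (host, reason) if the record looks like DoH, else None."""
    u = urlparse(rec["url"])
    host = (u.hostname or "").lower()
    if host in KNOWN_DOH_HOSTS:
        return host, "known-doh-resolver"
    if not tls_inspected:
        # Without TLS interception the proxy only sees the server name, so
        # the media-type and path rules below cannot fire. This is the gap
        # the "review TLS inspection" advice is about.
        return None
    if rec["ctype"].lower() == DOH_MEDIA_TYPE:
        return host, "dns-message-media-type"
    if u.path == DOH_PATH and (rec["method"] == "POST" or "dns=" in u.query):
        # Unknown host serving the RFC 8484 endpoint shape: a self-hosted or
        # lesser-known resolver, exactly what a static block list misses.
        return host, "dns-query-endpoint"
    return None


def find_doh(lines, tls_inspected=True):
    """Scan log lines and return every DoH-looking request as a DohHit."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        res = classify(rec, tls_inspected)
        if res:
            host, reason = res
            hits.append(DohHit(rec["ts"], rec["client"], host, reason))
    return hits


def clients_by_hits(hits):
    """DoH requests per client; a steady cadence from one host suggests beaconing."""
    return Counter(h.client for h in hits)


# Constructed sample log: one benign request, two DoH POSTs to a known
# resolver, a JSON-API query to dns.google, one dns-message request to an
# unknown resolver, one /dns-query GET on an unrelated host, one bad line.
SAMPLE_LOG = """\
2025-04-10T08:00:01Z 10.1.2.3 GET https://example.org/ text/html 200
2025-04-10T08:00:05Z 10.1.2.3 POST https://cloudflare-dns.com/dns-query application/dns-message 200
2025-04-10T08:05:05Z 10.1.2.3 POST https://cloudflare-dns.com/dns-query application/dns-message 200
2025-04-10T08:06:12Z 10.1.2.9 GET https://dns.google/resolve?name=example.com application/json 200
2025-04-10T08:10:05Z 10.1.2.3 GET https://resolver.example.net/dns-query?dns=AAABAAABAAAAAAAAA2RvYwNvcmcAAAEAAQ application/dns-message 200
2025-04-10T08:11:00Z 10.1.2.7 GET https://unrelated.example.com/dns-query?dns=abc application/octet-stream 200
malformed line
"""

if __name__ == "__main__":
    for h in find_doh(SAMPLE_LOG.splitlines()):
        print(f"{h.ts} {h.client} -> {h.host} [{h.reason}]")
    print(clients_by_hits(find_doh(SAMPLE_LOG.splitlines())))
```

With `tls_inspected=False` only the hostname rule can match, so the two requests to non-listed resolvers go unnoticed; that is the practical reason the block list and TLS inspection have to be reviewed together rather than treated as alternatives.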
Summary based on 6 sources
Sources

Dark Reading • Apr 16, 2025
China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks
SecurityWeek • Apr 17, 2025
MITRE Hackers’ Backdoor Has Targeted Windows for Years
Odessa Journal • Apr 16, 2025
New BRICKSTORM Malware Discovered in Cyber Espionage Campaign Targeting European Industries - Oj