Chinese APT deploys new malware to keep access to hacked networks
Summary
A Chinese espionage group, UNC5221, has been observed using the Brickstorm backdoor and two new malware strains, Plenet and AgentPSD, to maintain access to compromised Microsoft 365 environments. These tools enable persistent access and sophisticated data exfiltration capabilities.
IFF Assessment
FOE
The new malware and persistent-access techniques attributed to a state-sponsored APT group represent a significant threat to defenders.
Defender Context
This article highlights the evolving tactics of Chinese APT groups, emphasizing the need for robust detection and response capabilities against sophisticated backdoors and novel malware. Organizations should strengthen their defenses against persistent threats targeting cloud environments like Microsoft 365.