VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
Summary
A China-nexus cyber espionage group, identified as VerdantBamboo, is reportedly deploying a BSD variant of the BRICKSTORM backdoor and two other malware families (PLENET and AGENTPSD) to target Linux appliances. This activity has been linked to known hacking groups such as Clay Typhoon.
IFF Assessment
The deployment of new malware variants and the targeting of Linux appliances by a sophisticated threat group represent an increased risk to organizations.
Defender Context
This development highlights the ongoing risk from advanced persistent threat (APT) groups targeting Linux-based infrastructure, which is common in many IT environments. Defenders should watch for the indicators of compromise associated with BRICKSTORM, PLENET, and AGENTPSD, and ensure their Linux systems are adequately secured and monitored.