The PolySwarm Blog


BRICKSTORM Targets U.S. Tech and Legal Sectors with Stealthy Espionage

Oct 3, 2025 3:29:53 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, credential theft, SonicWall VPN, Ransomware Campaign, Akira Ransomware, CVE-2024-40766, SSL VPN, multi-factor authentication


Verticals Targeted: Legal Services, Software, Business Services, Technology
Regions Targeted: US
Related Families: BRICKSTEAL, SLAYSTYLE

Executive Summary

The BRICKSTORM backdoor, attributed to the suspected China-nexus threat cluster UNC5221, has been actively targeting U.S. organizations in the legal, SaaS, BPO, and technology sectors since March 2025, enabling prolonged espionage with an average dwell time of 393 days. This sophisticated malware leverages zero-day exploits and stealthy techniques to maintain persistent access, evade detection, and steal sensitive data, posing significant risks to critical infrastructure.
