UNC5221 BRICKSTORM Malware Targets U.S. Legal and Technology Companies

johny899

New Member
Content Writer
Messages
486
Reaction score
3
Points
23
Balance
$557.1USD
Have you ever wondered how attackers can stay hidden inside a network for months without being detected? That is exactly what UNC5221 is doing right now. UNC5221 is a stealthy espionage group targeting U.S. legal, technology, SaaS, and business-services companies, and its tool of choice is a backdoor called BRICKSTORM.

What is BRICKSTORM?

BRICKSTORM is a purpose-built backdoor rather than commodity malware. It can:

• Execute commands on the compromised host
• Browse, upload and download files through a built-in file manager
• Act as a network tunnel, so the operators can pivot from the infected host to other systems inside the network
• Run on Linux and BSD servers and appliances, which often cannot run an endpoint security agent

It talks to its command-and-control server over WebSockets, so the channel looks like an ordinary long-lived web session and is easily missed by security tools that only look for conventional beaconing.

How UNC5221 Gets In

UNC5221 typically gains entry by exploiting vulnerabilities in internet-facing Ivanti Connect Secure appliances. Once inside, the group:

• Steals credentials with BRICKSTEAL, a companion tool deployed alongside BRICKSTORM
• Clones virtual machines that hold critical data and extracts secrets from the copies, without touching the running originals
• Stays hidden through in-memory modifications that take effect without a server reboot and leave little on disk

Some BRICKSTORM builds wait months before calling back to the operators, so there is no early network signal to catch and the implant can sit dormant long after the initial intrusion.

What They Want

The main objective is mailboxes and secrets: sensitive information belonging to employees and key personnel. By establishing a foothold inside a SaaS provider, the group can also reach the data of that provider's customers, effectively opening doors into downstream targets without having to break in again.

How to Safeguard Yourself

Google published a scanner script that looks for BRICKSTORM on Linux and BSD systems, but detection remains difficult because the implant is built to evade standard security tooling. Organizations need to routinely monitor the integrity and network behaviour of their servers and appliances, especially those that cannot run conventional endpoint security agents.
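The WebSocket command-and-control channel described above and the monitoring advice in this section share one practical check: management servers and appliances have no business opening WebSocket sessions to the internet on their own, and a dormant or slow implant shows up as a handful of widely spaced sessions rather than a steady stream. The script below is an added example written for this post; it is not Google's BRICKSTORM scanner and it does not identify the implant itself. It assumes a hypothetical egress-proxy log layout, a hypothetical inventory of appliance hosts, and a list of internal domain suffixes; the log lines are constructed sample data.

```python
"""Flag WebSocket egress from server/appliance hosts to non-internal destinations.

Added example for this post (not Google's BRICKSTORM scanner). The log format,
the host inventory and the log contents are all constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Assumed egress-proxy log layout (one request per line):
#   <UTC timestamp> <src_ip> <dst_host>:<dst_port> <method> <path> <upgrade-header-or-dash>
# These lines are constructed sample data, not captured traffic.
SAMPLE_LOG = """\
2025-09-01T08:00:12Z 10.0.5.20 updates.example-vendor.com:443 GET /feed -
2025-09-01T08:00:40Z 10.0.5.20 cdn.example-vendor.com:443 GET /pkg -
2025-09-01T09:13:05Z 10.0.9.11 a1b2c3.workers.example:443 GET /ws websocket
2025-09-01T11:00:00Z 10.0.9.11 vsphere-ui.internal.example:443 GET /ui/ws websocket
2025-09-01T21:47:51Z 10.0.9.11 a1b2c3.workers.example:443 GET /ws websocket
2025-09-03T02:30:18Z 10.0.9.11 a1b2c3.workers.example:443 GET /ws websocket
2025-09-01T10:00:00Z 10.0.7.30 chat.internal.example:443 GET /socket websocket
"""

# Hypothetical inventory: management appliances that should never open
# WebSocket sessions to the internet on their own.
APPLIANCE_HOSTS = {"10.0.9.11": "vcenter01", "10.0.5.20": "esxi02"}
# Hypothetical internal domain suffixes; WebSocket traffic to these is expected.
INTERNAL_SUFFIXES = (".internal.example",)


def parse_line(line):
    """Split one log line into its fields; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, method, path, upgrade = parts
    host = dst.rsplit(":", 1)[0]
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, src, host, method, path, upgrade.lower()


def is_internal(host, internal_suffixes):
    """True when the destination belongs to one of the internal domain suffixes."""
    return host.endswith(tuple(internal_suffixes))


def find_suspicious_websocket_egress(lines, appliance_hosts, internal_suffixes):
    """Return one finding per (appliance, external host) pair that exchanged WebSocket upgrades.

    Each finding carries the session count and the largest gap between sessions:
    a channel that checks in only every few hours or days (as this post says some
    BRICKSTORM builds do) appears as a few widely spaced upgrades, which is the
    pattern worth triaging, not the volume.
    """
    sessions = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        when, src, host, _method, _path, upgrade = rec
        if src not in appliance_hosts or upgrade != "websocket":
            continue
        if is_internal(host, internal_suffixes):
            continue
        sessions[(src, host)].append(when)

    findings = []
    for (src, host), times in sessions.items():
        times.sort()
        gaps = [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]
        findings.append({
            "src": src,
            "name": appliance_hosts[src],
            "dst": host,
            "connections": len(times),
            "first_seen": times[0].isoformat(),
            "last_seen": times[-1].isoformat(),
            "max_gap_hours": max(gaps) if gaps else 0.0,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_websocket_egress(SAMPLE_LOG.splitlines(),
                                              APPLIANCE_HOSTS, INTERNAL_SUFFIXES):
        print(f"{f['name']} ({f['src']}) -> {f['dst']}: {f['connections']} WebSocket "
              f"sessions, longest gap {f['max_gap_hours']:.1f} h")
```

On the sample data only vcenter01 is flagged: its WebSocket session to the internal vSphere UI host is ignored, and the three sessions to the external host are reported with a gap of more than a day between two of them. Run against real proxy or firewall logs, the same logic is only a triage aid; a hit still needs the host itself examined, for example with Google's scanner, before anything is concluded.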

Why This Matters

This campaign shows that attackers are becoming more patient and more deliberate in pursuit of their goals. They are no longer after a quick data grab; they are breaking in to keep long-term access to and control over critical systems. Because BRICKSTORM is built for a slow game that begins long before the intrusion appears on anyone's radar, an organization that waits for an obvious alert can be caught off guard.