
The Cybersecurity and Infrastructure Security Agency (CISA) released an update to its BRICKSTORM Backdoor Malware Analysis Report (MAR) developed with the National Security Agency and Canadian Centre for Cyber Security. The update includes analysis and detection signatures for a new BRICKSTORM variant that uses .NET Native Ahead-of-Time (AOT) compilation—making it more versatile and harder to detect.
Like previous BRICKSTORM samples, the variant has initiation and secure command and control capabilities that use multiple layers of encryption to hide its communications, but unlike other samples, it does not have built-in self-monitoring capabilities to enable persistence.
This update delves into the variant’s functionality and offers new YARA rules to support detection. CISA urges all organizations that use VMware vSphere, especially those in the Government Services and Facilities and Information Technology sectors, to review the updated MAR and implement mitigation measures.

