Chinese Hackers BrickStorm Targeting Southeast Asia with Espionage Campaign

Chinese threat actors known as BrickStorm have been identified conducting a sophisticated espionage campaign targeting Southeast Asian countries. This group employs advanced malware and phishing techniques to infiltrate government and private sector networks, aiming to steal sensitive information and intellectual property. The campaign highlights the increasing cyber threats from state-sponsored groups leveraging zero-day vulnerabilities and custom malware to maintain persistence and evade detection. Organizations in the region are urged to enhance their cybersecurity posture, implement robust threat detection systems, and conduct regular security audits to mitigate the risks posed by BrickStorm. This article delves into the tactics, techniques, and procedures (TTPs) used by BrickStorm, the implications for regional cybersecurity, and recommended defensive measures to protect critical infrastructure and data assets.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 25 Sep 2025 11:35:02 +0000


Cyber News related to Chinese Hackers BrickStorm Targeting Southeast Asia with Espionage Campaign

Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
1 year ago Apnews.com
Southeast Asian cyber fraud industry at ‘inflection point’ as it expands globally | The Record from Recorded Future News - Another one of those areas is the Pacific islands, where criminal groups with connections to the Southeast Asian fraud industry have built up infrastructure like casinos and resorts and have taken advantage of citizenship-by-investment schemes on ...
8 months ago Therecord.media
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon
Chinese Hackers Using New BRICKSTORM Malware to Attack Windows & Linux Machines - Notably, unlike the Linux variant reported by Mandiant, the Windows samples lack direct command execution capabilities—a suspected deliberate choice to evade detection by security solutions that analyze parent-child process relationships. The ...
8 months ago Cybersecuritynews.com
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475
Uncovering China's Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence
Chinese Hackers Employ New Reverse SSH Tool to Attack Organizations - A sophisticated Chinese hacking group known as Billbug (also tracked as Lotus Blossom, Lotus Panda, and Bronze Elgin) has intensified its espionage campaign across Southeast Asia, employing a new custom Reverse SSH Tool to compromise high-value ...
8 months ago Cybersecuritynews.com Lotus Blossom
China-linked hackers target BrickStorm backdoor IP addresses - China-linked hackers have been observed targeting IP addresses associated with the BrickStorm backdoor, a sophisticated malware used for persistent access and espionage. This campaign highlights the ongoing cyber espionage efforts attributed to ...
3 months ago Therecord.media China-linked hackers
China-linked hackers target European healthcare orgs in suspected espionage campaign | The Record from Recorded Future News - A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said. The hackers, dubbed Green Nailao, deployed ShadowPad ...
10 months ago Therecord.media
Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data - A sophisticated cyberattack orchestrated by Chinese state-sponsored hackers has exposed vulnerabilities in the global cybersecurity infrastructure, targeting critical COVID-19 research from American universities and exploiting Microsoft Exchange ...
5 months ago Cybersecuritynews.com HAFNIUM
Belgium probes if Chinese hackers breached its intelligence service - According to The Brussels Times, the hacked server also routed internal HR exchanges among Belgian intelligence personnel, raising concerns about the potential exposure of sensitive personal data including identity documents and CVs belonging to ...
9 months ago Bleepingcomputer.com APT3 APT30 GALLIUM
UNC5221 Uses BrickStorm Backdoor to Target Southeast Asian Entities - In a recent cyber espionage campaign, the threat group UNC5221 has been observed deploying the BrickStorm backdoor to infiltrate and monitor entities across Southeast Asia. This sophisticated attack highlights the increasing use of advanced ...
3 months ago Thehackernews.com UNC5221
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations - Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a ...
2 years ago Thehackernews.com Mustang Panda
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon
Senator presses Musk on Starlink ‘misuse’ by Southeast Asian scammers | The Record from Recorded Future News - “While SpaceX has stated that it investigates and deactivates Starlink devices in various contexts, it seemingly has not publicly acknowledged the use of Starlink for scams originating in Southeast Asia — or publicly discussed actions the company ...
4 months ago Therecord.media
Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks - Following this assessment, SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this since they have determined that the adversary's Lua-based malware, LuaDream, and the KEYPLUG have both been found to cohabit in the ...
2 years ago Cysecurity.news APT41
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
1 year ago Darkreading.com Volt Typhoon
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
2 years ago Nytimes.com
Strike Force Southeast Asia scams: How the group operates and who it targets - Strike Force Southeast Asia (SFSEA) is a cybercrime group known for its sophisticated scams targeting individuals and organizations primarily in Southeast Asia. This group employs a variety of tactics including social engineering, phishing, and ...
1 month ago Therecord.media Strike Force Southeast Asia
New BrickStorm: A Stealthy Backdoor Targeting Windows Systems - Cybersecurity researchers have uncovered a new stealthy backdoor named BrickStorm that targets Windows systems. This sophisticated malware is designed to evade detection and maintain persistent access to compromised networks. BrickStorm employs ...
3 months ago Cybersecuritynews.com
Chinese APT BrickStorm Backdoors Edge Devices - Chinese APT group BrickStorm has been identified deploying backdoors on edge devices, posing significant cybersecurity risks. This advanced persistent threat (APT) group targets critical infrastructure by compromising edge computing devices, which ...
3 months ago Darkreading.com BrickStorm
Chinese Hackers Turn To Golang For Malware - Chinese hackers are increasingly turning to the open-source programming language Golang to maliciously code and launch new cyberattacks. According to the latest analysis by The Hacker News, this has resulted in an increase in the number of cyber ...
2 years ago Thehackernews.com BlackTech Carbanak
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
1 year ago Bleepingcomputer.com Volt Typhoon