Google's Threat Intelligence Group (GTIG) and Mandiant have published an analysis of the BRICKSTORM backdoor espionage malware, which they attribute to the China-linked UNC5221 advanced persistent threat (APT) actors.

Written in the Go language and active since March this year, BRICKSTORM has extremely long persistence, or dwell time, in victim networks, with an average of 393 days, GTIG-Mandiant wrote.

Such long periods exceed the typical logging periods used for breach detection, and in some cases the malware has a delay timer that keeps it dormant for months before it activates and connects to a command and control (C2) server.

Attackers deliberately target network appliances such as firewalls, virtual private network concentrators and virtualisation platforms like VMware vCenter infrastructure with BRICKST
