
New Malware Deployed By Chinese APT To Retain Access To Hacked Systems

by Ayoola
June 6, 2026
in Security

The Brickstorm backdoor and two previously unknown malware families, Plenet and AgentPSD, have been used by the Chinese espionage group tracked as UNC5221 to gain access to Microsoft 365 environments.

According to the investigation into the incident, the threat actor had compromised the victim organization's managed services provider (MSP) and had access to the victim's network for at least eighteen months before detection.

In order to maintain persistent, long-term access to compromised networks and Microsoft 365 environments, the Chinese cyber-espionage group tracked as UNC5221 (also known as VerdantBamboo) has deployed a suite of new, custom malware, including the sophisticated Brickstorm backdoor and two previously undiscovered strains named Plenet and AgentPSD.

Since at least 2023, UNC5221, also known as VerdantBamboo, has carried out attacks that exploited zero-day vulnerabilities in edge devices.

Before the breaches were found in March 2025, the threat actor had been using the Brickstorm backdoor covertly in the environments of several targets in the United States for over a year.

Researchers call Brickstorm "an advanced malware implant." The first versions were written in Go (Golang); newer versions are written in Rust.

Google recorded UNC5221 activity via the backdoor in April 2024 and again in September 2025, including assaults on technological companies, legal services, software-as-a-service providers, and business process outsourcers.

Chinese hackers were using Brickstorm against VMware vSphere servers, according to a warning from CISA. More recently, Google revealed that UNC6201 was using it against Dell RecoverPoint for Virtual Machines.

While responding to an incident last year, Volexity researchers discovered that the victim had been breached twice: VerdantBamboo had first gained access to an Egnyte Storage Sync system through the victim's internet-facing SSL VPN.

From this foothold, the threat actor gained access to the company's Microsoft 365 environment by leveraging stolen credentials and Brickstorm's proxying capabilities.

The researchers stated that "Volexity assesses with high confidence that this was done to blend in with legitimate network traffic and evade Conditional Access policies that would have otherwise prevented access."

The hackers had been on the network for at least 18 months before being identified, Volexity later found out. Additionally, when the researchers finished their cleanup work, VerdantBamboo penetrated the organization once more.

In the second intrusion, the attackers used credentials they had obtained to enable and configure SSL VPN access on the victim's firewall, then connected to internal systems and infected a Synology NAS device with further bespoke malware.

Volexity discovered that VerdantBamboo had installed a BSD version of Brickstorm on a pfSense firewall during an examination at the customer’s MSP.

“Volexity came to the conclusion that this firewall had been compromised at least eighteen months prior, just like the victim organization’s Storage Sync system.”

The researchers are moderately certain that the attacker moved from the MSP into the environment of the victim organization.

The victim’s Egnyte Storage Sync appliance and a retired Linux GroupWise email archive server were then targeted by Brickstorm.

Returning a few days later and regaining access to the victim's infrastructure through new backdoors, the attackers installed the custom malware Plenet on a Synology NAS appliance.

Plenet is a cross-platform, .NET-based backdoor that Google also tracks as "Grimbolt." It provides command-and-control (C2) server switching, file manipulation, remote command execution, and interactive shell access.

According to the researchers, Plenet and Brickstorm are comparable in design in two ways: both use the WebSocket protocol for C2 connections, and both use a multiplexing library for concurrent data streams to the server.

Volexity believes VerdantBamboo employed AgentPSD, a straightforward Python-based reverse shell tool, as a backup persistence strategy in the event that other malware was unavailable.

The researchers found that AgentPSD was set up to connect to a different domain than Brickstorm. However, since Brickstorm was still operational, the malware was never used, supporting the conclusion that AgentPSD was a secondary access mechanism.

Volexity attempted to identify the VerdantBamboo-related infrastructure during the inquiry. To determine the IP addresses and domains Brickstorm utilized for C2 communication, the researchers developed a fingerprint.

Although several machines were found, the threat actor took down the infrastructure before the researchers could identify other systems. All of the servers that had previously matched this fingerprint stopped responding on port 443 between September 18 and September 23.

Google also released a fresh report on Brickstorm’s behavior around that time, which would indicate that the attacker knew their activities were being looked at.

VerdantBamboo/UNC5221 is described by Volexity as “a highly sophisticated threat actor” that targets systems that do not support endpoint detection and response (EDR) solutions and combines malware and living-off-the-land strategies.

The indicators of compromise (IOCs) associated with the UNC5221 campaign under investigation were collated by the researchers and released here.

Standard patching alone will not reduce the risk, because this campaign relies primarily on credential abuse and bespoke malware rather than unpatched software vulnerabilities.

Organizations should take the following actions:

  • Monitor identity controls: track unusual tokens or sign-in behaviors that circumvent standard geographic restrictions, using anomaly detection platforms such as Microsoft Defender for Cloud Apps.
  • Audit core infrastructure: closely examine network logs for unusual access on edge systems, including SSL VPN configurations, firewalls such as pfSense, and network attached storage (NAS) devices.
  • Examine third-party partners: make sure security evaluations cover managed service providers (MSPs), as their infrastructure is being aggressively targeted to enable lateral movement.
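The two log-review actions above (identity sign-ins and edge-device configuration changes) can be turned into a small triage script. The following is an added example, not code from the article or from Volexity; the sign-in records, appliance address list and pfSense-style "Configuration Change" lines are all constructed here, and the field names and log format are simplified assumptions rather than the real Microsoft 365 or pfSense schemas. It flags a sign-in whose source is an internal appliance address (the proxying pattern the article describes, which a purely geographic check would miss), a sign-in from a country outside a user's baseline, and firewall configuration changes on VPN or WAN-rule pages.

```python
import re
from collections import defaultdict

# Constructed sample sign-in records (simplified fields, not the real
# Microsoft 365 sign-in schema). The first four form the baseline period.
SIGNINS = [
    {"user": "alice", "ip": "203.0.113.10", "country": "US", "result": "success"},
    {"user": "alice", "ip": "203.0.113.11", "country": "US", "result": "success"},
    {"user": "bob",   "ip": "198.51.100.5", "country": "NG", "result": "success"},
    {"user": "bob",   "ip": "198.51.100.6", "country": "NG", "result": "success"},
    # Evaluation period: alice's session is sourced from the storage appliance's
    # own address (an internal device proxying her session, so the country is
    # still "allowed"); bob appears from a country outside his baseline; the
    # final failed attempt is ignored by both checks.
    {"user": "alice", "ip": "10.0.0.50",    "country": "US", "result": "success"},
    {"user": "bob",   "ip": "192.0.2.200",  "country": "DE", "result": "success"},
    {"user": "bob",   "ip": "198.51.100.5", "country": "NG", "result": "failure"},
]

# Constructed (hypothetical) inventory: internal addresses of edge and storage
# appliances that should never be the source of an interactive cloud sign-in.
APPLIANCE_IPS = {"10.0.0.50": "egnyte-storage-sync", "10.0.0.1": "pfsense-fw"}


def learn_baseline(records):
    """Build {user: set(countries)} from successful sign-ins in a known-good period."""
    baseline = defaultdict(set)
    for r in records:
        if r["result"] == "success":
            baseline[r["user"]].add(r["country"])
    return baseline


def flag_signins(records, baseline, appliance_ips):
    """Return (user, ip, reason) for each successful sign-in that is sourced from
    an appliance address or from a country the user's baseline never contained."""
    alerts = []
    for r in records:
        if r["result"] != "success":
            continue
        user, ip, country = r["user"], r["ip"], r["country"]
        if ip in appliance_ips:
            alerts.append((user, ip, f"sign-in sourced from appliance {appliance_ips[ip]}"))
        elif country not in baseline.get(user, set()):
            alerts.append((user, ip, f"country {country} outside baseline"))
    return alerts


# Constructed pfSense-style configuration audit lines; the format is an
# approximation for this example, not copied from a real device.
FIREWALL_LOG = """\
Mar 02 09:00:00 fw1 php-fpm[123]: /system.php: Configuration Change: admin@10.0.0.5: Saved system settings
Mar 03 02:14:11 fw1 php-fpm[123]: /vpn_openvpn_server.php: Configuration Change: admin@10.0.0.5: Created OpenVPN server
Mar 03 02:14:40 fw1 php-fpm[123]: /firewall_rules.php: Configuration Change: admin@10.0.0.5: Added WAN rule pass tcp/1194
"""

CHANGE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>\S+): "
    r"(?P<page>/\S+\.php): Configuration Change: (?P<who>\S+): (?P<what>.*)$"
)


def flag_firewall_changes(log_text):
    """Return parsed change events that touch VPN pages or the firewall rule set;
    these are the edge changes to review when checking for attacker-enabled VPN access."""
    hits = []
    for line in log_text.splitlines():
        m = CHANGE_RE.match(line)
        if not m:
            continue  # not a configuration-change audit line
        page = m["page"]
        if page.startswith("/vpn_") or page == "/firewall_rules.php":
            hits.append({"ts": m["ts"], "page": page, "who": m["who"], "what": m["what"]})
    return hits


def run_checks():
    """Run both checks over the constructed samples and return their findings."""
    baseline = learn_baseline(SIGNINS[:4])
    return {
        "signins": flag_signins(SIGNINS[4:], baseline, APPLIANCE_IPS),
        "firewall": flag_firewall_changes(FIREWALL_LOG),
    }


if __name__ == "__main__":
    for kind, findings in run_checks().items():
        for f in findings:
            print(kind, f)
```

The appliance-address check is the one that matters for the pattern described above: because the attacker proxied Microsoft 365 sessions through a device inside the victim's network, the sign-ins would pass location-based Conditional Access, so the detection has to key on where a session originates relative to the device inventory, not on geography alone. In a real deployment the baseline period and appliance list would come from the tenant's own sign-in history and asset inventory.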


Tags: Brickstorm, china, cybersecurity, malware
Ayoola

Ayoola Faseyi is an Abuja-based journalist with an interest in technology and politics. He is a versatile writer with articles in many renowned news journals, and the co-founder of the media brand The Vent Republic.
