NSA Joins CISA to Release Guidance on Detecting BRICKSTORM Backdoor Activity
National Security Agency / Central Security Service
Press Release | Dec. 4, 2025
FORT MEADE, Md. -- The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and the Canadian Centre for Cyber Security to detail the broad campaign of China state-sponsored cyber actors using the BRICKSTORM malware for long-term persistence on victim systems.
BRICKSTORM malware is a sophisticated backdoor that provides capabilities for secure command and control, remote system control, and long-term persistence.
Organizations—especially those within critical infrastructure, government services and facilities, and the Information Technology sector—are encouraged to use the indicators of compromise (IOCs) and detection signatures outlined in the report to detect BRICKSTORM backdoor activity. If BRICKSTORM, similar malware, or potentially related activity is detected, promptly report the compromise.
Read the full report here.

