#BRICKSTORM intel just landed: PRC actors camping in vCenter/ESXi + Windows. 🧱🕵️
F5 source-code drama raises the long-run 0-day odds, but the calendar + attribution lag are savage.
Our final call: 11% #UNC5221 gets publicly tied to a new 0-day before Dec 31. 🎯
#AlphaHunt #ZeroDay
UNC5221’s Q4 playbook: live on the edge, ship a zero-day, let attribution lag do the rest. We’ve got it at 32% before 12/31. Betting line or blind spot? 🧮🔎
Read → blog.alphahunt.io/will-unc5221...
#AlphaHunt #ZeroDay #UNC5221
What if spies stole the source code for F5's BIG-IP?
China-linked espionage group #UNC5221 spent a year inside, stealing code and vulnerability data.
Read the full threat analysis and mitigation steps now 👇
https://tinyurl.com/5xy2weff
UNC5221 stuffing stockings at the edge? Updated odds: 32% they pop a fresh zero‑day before 12/31. Attribution lags, year‑end windows don’t. 🔥🛡️
Peek the forecast—then subscribe for the follow-through. -> blog.alphahunt.io/will-unc5221...
#AlphaHunt #CyberSecurity #ZeroDay #UNC5221
~Zscaler~
Nation-state actor UNC5221 breached F5, exfiltrating BIG-IP source code and internal zero-day vulnerability documentation.
-
IOCs: BRICKSTORM, UNC5221
-
#F5 #ThreatIntel #UNC5221
F5 in the crosshairs of state actors: the BIG-IP source code has been compromised. A hypothesis on the threat actor
the blog: insicurezzadigitale.com/f5-nel-mirin...
#cybersecurity #brickstorm #databreach #f5 #unc5221
Google warns of Brickstorm malware targeting US firms for over a year
Google’s Threat Intel team says the Chinese‑linked UNC5221 used the Brickstorm malware to spy on US legal, technology and SaaS firms, with an average dwell time of 393 days. getnews.me/google-warns-of-bricksto... #brickstorm #unc5221 #cybersecurity
BRICKSTORM new Windows variant expands targeting of legal and technology sectors
Threat Group – China-nexus UNC5221
Threat Type – Espionage backdoor and post-exploitation toolkit
Exploited Vuln...
#BRICKSTORM #UNC5221 #DNS-over-HTTPS #Ivanti #Cloud-fronted-C2 #Malware
Google Warns of BRICKSTORM Malware Driving Supply Chain Intrusions China-linked hackers use BRICKSTORM malware to hit tech, SaaS, and legal firms, threatening the US supply chain. The post Google W...
#News #Threats #BRICKSTORM #malware #Google […]
[Original post on esecurityplanet.com]
China-linked hackers are using a backdoor called BRICKSTORM to steal intellectual property from law firms, SaaS, and tech companies, targeting executive inboxes. Mandiant attributes it to UNC5221.
#BRICKSTORM #China #Mandiant #UNC5221 #CyberSecurity #Infosec #IPTheft therecord.media/china-linked...
Chinese Hackers Lurked Nearly 400 Days in Networks With Stealthy BrickStorm Malware Google’s Threat Intelligence Group and Mandiant link the BrickStorm campaign to UNC5221, warning that hackers a...
#Nation-State #China #APT #Featured #UNC5221 #Zero-Day
Chinese Spies Lurked in Networks for 393 Days, Hunted for Zero-Day Intel Google’s Threat Intelligence Group and Mandiant have shared findings on a recent BrickStorm campaign linked to UNC5221. Th...
#Nation-State #China #APT #UNC5221 #Zero-Day
~Mandiant~
Suspected China-nexus actor UNC5221 uses the BRICKSTORM backdoor for long-term, stealthy espionage against tech and legal sectors by targeting network appliances.
-
IOCs: (None identified)
-
#BRICKSTORM #ThreatIntel #UNC5221
Mandiant uncovers UNC5221's BrickStorm campaign: Chinese espionage against US companies using backdoors on VMware, credential theft and zero-days.
#apt #backdoor #BrickStorm #cina #mandiant #UNC5221 #vmware
www.matricedigitale.it/2025/09/24/b...
Two new zero-day vulnerabilities (CVE-2025-4427 & 4428) in their Endpoint Manager Mobile software are being actively exploited by nation-state hackers.
Researchers say it’s Ivanti’s code to blame, not open-source.
#ZeroDay #Cybersecurity #RiskManagement #SupplyChainSecurity #CVE20254427 #UNC5221
~Eclecticiq~
UNC5221 actively exploits Ivanti EPMM (CVE-2025-4428) for RCE & data exfil.
-
IOCs: 64[.]52[.]80[.]21, 103[.]244[.]88[.]125, 27[.]25[.]148[.]183
-
#CVE20254428 #Ivanti #ThreatIntel #UNC5221
"Infrastructure risks have also been prominent, w/vulnerabilities in ASUS routers & critical ICS devices from Schneider Electric & Yokogawa exposing sectors like #energy & manufacturing to..." digitalfrontierpartners.com.au/news/latest-... RU #APT29 Android #NFC China #UNC5221 #SNOWLIGHT #TONESHELL
A critical vulnerability impacting Ivanti Connect Secure VPN appliances initially believed to be a low-risk flaw is being actively exploited to achieve remote code execution.
#Ivanti #Vulnerability #Cyberespionage #UNC5221 #VPN
2/ 🚨 Urgent #Ivanti Patch Alert: A critical #RCE zero-day is being actively exploited by suspected #China-nexus group #UNC5221, who are deploying new malware (TRAILBLAZE, BRUSHFIRE).
UNC5221 just turned a hidden flaw in Ivanti Connect Secure into a cyber heist—using zero-day exploits and stealth malware to breach critical systems. Could your network be the next target?
#unc5221
#ivanti
#cybersecurity
#zeroday
#malware
🚨CVE-2025-22457
@Mandiant confirms critical Ivanti Connect Secure RCE vulnerability
📌CVE: bit.ly/4iTpKdD
📊136K+ services found magnify.modat.io
Basic Query bit.ly/3E50TEB
Device DNA bit.ly/4jcSuOV
#ModatMagnify #CVE202522457 #Ivanti #ThreatIntel #UNC5221 #APT #DFIR
⚠️ Warning - #Chinese espionage group #UNC5221 attacking Ivanti Connect Secure VPN & Policy Secure devices, and using custom web shells like BUSHWALK, CHAINLINE, FRAMESTING, and LIGHTWIRE variant.
thehackernews.com/2024/02/warn...
Patch ASAP!
#cybersecurity #hacking