Chinese APT VerdantBamboo Exploits Brickstorm Malware for Long-term Network Access
ID: ab213e8e-469b-5912-9ee5-5fe91b9ceb18
STIX ID: report--ab213e8e-469b-5912-9ee5-5fe91b9ceb18
Feed Name: ThreatCluster
UNC5221 (VerdantBamboo) has been using the Brickstorm backdoor and newer variants (Plenet, AgentPSD) to compromise MSPs and maintain persistent access to Microsoft 365 and network infrastructure for at least 18 months. The group exploits zero-day vulnerabilities in edge devices and employs advanced evasion techniques. Defenders are advised to patch affected products, monitor for WebSocket C2 and SSL VPN anomalies, harden conditional access policies, and audit MSP environments.
