Chinese APT deploys new malware to keep access to hacked networks
ID: cb40605b-a95d-557c-b4df-e7d366e5b083
STIX ID: report--cb40605b-a95d-557c-b4df-e7d366e5b083
Feed Name: Bleeping Computer
Volexity and other vendors attribute sustained intrusions against US organizations to UNC5221 (VerdantBamboo). The actor used the Brickstorm backdoor (Golang and Rust variants), the bespoke cross-platform backdoors Plenet and AgentPSD, and credential/SSL VPN abuse to persist for at least 18 months. It also compromised an MSP and leveraged zero-day/exploit techniques against edge devices, prompting published IOCs and vendor advisories.
