China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network
ID: 29cb31e4-c423-51e9-81eb-a937a7bbe94a
STIX ID: report--29cb31e4-c423-51e9-81eb-a937a7bbe94a
Feed Name: The Cyber Express
**VerdantBamboo APT conducted an 18-month supply-chain intrusion.** The attackers compromised an Egnyte Storage Sync appliance and an MSP pfSense firewall to deploy custom backdoors (BRICKSTORM, AGENTPSD, PLENET), used stolen MSP credentials and a misconfigured sudo for privilege escalation, and repeatedly re-entered the network after evictions. They bypassed Microsoft Entra Conditional Access by routing M365 traffic through internal IP space. The campaign exploited devices lacking EDR and weak administrative controls.
