Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
ID: 09c2b46e-84cb-5e45-88de-d4e66c403434
STIX ID: report--09c2b46e-84cb-5e45-88de-d4e66c403434
Feed Name: Crowdstrike Blog
CrowdStrike identified WARP PANDA, a China-aligned APT, conducting sophisticated, long-term intrusions against U.S. VMware vCenter and ESXi environments in 2025, deploying Golang implants BRICKSTORM, Junction, and GuestConduit plus JSP web shells to tunnel traffic, communicate via VSOCK, stage and exfiltrate data, and clone domain controller VMs while leveraging valid credentials, vCenter services, and OPSEC techniques to maintain covert persistence.
