
Chinese APT Hid in US Networks for 18 Months Using New Malware

Manaal Khan · 6 June 2026 at 12:12 am · 5 min read

Key Takeaways

Source: BleepingComputer
  • UNC5221 remained undetected in victim networks for at least 18 months before discovery in March 2025
  • The attackers compromised both the victim organization and their managed service provider
  • The group deployed previously undocumented malware called Plenet and AgentPSD alongside the known Brickstorm backdoor

What Happened

A Chinese state-sponsored hacking group has been caught lurking inside American corporate networks for at least 18 months. The group, tracked as UNC5221 (also known as VerdantBamboo), used a combination of known and newly discovered malware to maintain persistent access to victims' systems, including their Microsoft 365 environments.

Security firm Volexity uncovered the intrusion while responding to an incident last year. Their investigation revealed that the attackers had compromised not just the victim organization, but also their managed service provider. This dual compromise gave the hackers multiple paths into the target network.

18 months
Minimum time UNC5221 remained inside victim networks before discovery

The attackers deployed the Brickstorm backdoor, a sophisticated implant that has evolved from Golang to Rust variants since Google first documented it in April 2024. They also used two previously undocumented malware families: Plenet and AgentPSD.

How They Got In and Stayed Hidden

UNC5221 initially compromised an Egnyte Storage Sync system. They accessed it periodically through the victim's web SSL VPN. From this foothold, they used Brickstorm's proxying features and stolen credentials to reach the organization's Microsoft 365 environment.

Volexity assesses with high confidence that this was done to blend in with legitimate network traffic and evade Conditional Access policies that would have otherwise prevented access.

— Volexity researchers

The technique worked. By routing their traffic through legitimate internal systems, the attackers avoided security controls designed to block external access attempts.

The Second Breach

After Volexity completed initial remediation efforts, VerdantBamboo broke back in. The attackers used stolen credentials to enable and configure SSL VPN access on the victim's firewall. They then connected to internal systems and deployed custom malware to a Synology NAS device.

This second intrusion triggered an investigation at the customer's managed service provider. Volexity found that VerdantBamboo had planted a BSD variant of Brickstorm on a pfSense firewall at the MSP. That firewall had been compromised for at least 18 months as well.

The researchers concluded with medium confidence that the attacker pivoted from the MSP into the victim organization's environment. This means the MSP compromise may have been the original entry point.
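One correlation a defender could run over the two log sources this intrusion touched (Microsoft 365 sign-ins arriving from the trusted corporate egress IP after being proxied through an internal foothold, and the firewall SSL VPN the second intrusion relied on), as an added Python example that is not code from Volexity or from the article: all IPs, usernames, timestamps and log field names are constructed, and it assumes every sign-in from the corporate egress IP should pair with an SSL VPN session for the same user.

```python
"""Correlate Microsoft 365 sign-ins with SSL VPN session records.

Added example, not code from Volexity or the article. All IPs, users, times and
log shapes are constructed. Assumption: a sign-in reaching the tenant from the
corporate egress IP should be backed by an SSL VPN session for the same user.
"""
from datetime import datetime

# Assumed public egress IP that a Conditional Access trusted location covers.
CORP_EGRESS = {"203.0.113.10"}

# Constructed SSL VPN session log: (user, session_start, session_end).
VPN_SESSIONS = [
    ("alice", "2025-03-01T08:00:00", "2025-03-01T17:00:00"),
    ("svc-msp-admin", "2025-03-01T22:00:00", "2025-03-02T01:00:00"),
]

# Constructed Entra ID sign-in log: (user, source_ip, sign_in_time).
M365_SIGNINS = [
    ("alice", "203.0.113.10", "2025-03-01T09:15:00"),  # backed by alice's VPN session
    ("bob", "203.0.113.10", "2025-03-01T23:30:00"),    # trusted IP, but bob has no session
    ("carol", "198.51.100.7", "2025-03-01T12:00:00"),  # external IP; CA evaluates normally
]

def _ts(value):
    return datetime.fromisoformat(value)

def active_vpn_users(at, sessions=VPN_SESSIONS):
    """Users with an SSL VPN session open at the given time."""
    return {user for user, start, end in sessions if _ts(start) <= at <= _ts(end)}

def unmatched_trusted_signins(signins=M365_SIGNINS, sessions=VPN_SESSIONS):
    """Sign-ins from a trusted egress IP with no VPN session for that user.

    Each hit also lists the VPN identities active at that moment: if the tenant
    sign-in is being proxied through an internal host, the account that carried
    the session in is usually among them, which is where the hunt continues.
    """
    hits = []
    for user, ip, when in signins:
        if ip not in CORP_EGRESS:
            continue
        active = active_vpn_users(_ts(when), sessions)
        if user not in active:
            hits.append({"user": user, "ip": ip, "time": when,
                         "vpn_users_active": sorted(active)})
    return hits
```

On the constructed data the only hit is bob's late-night sign-in, with the MSP service account as the sole VPN session open at that time.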

Why MSPs Are Prime Targets

Managed service providers are attractive targets because they hold trusted access to multiple client networks. A single MSP compromise can potentially open a path into dozens or hundreds of downstream organizations.

The threat actor's ability to maintain access by compromising MSPs represents a significant escalation in how state-sponsored groups scale their operations across diverse victim ecosystems.

— Senior Security Researcher at Volexity

UNC5221 has been involved in attacks exploiting zero-day vulnerabilities in edge devices since at least 2023. Their targets include legal services, software-as-a-service providers, business process outsourcers, and technology companies.

The Malware Arsenal

Brickstorm is described as an advanced malware implant. Initial variants were written in Golang, with newer versions written in Rust. CISA has warned about its deployment against VMware vSphere servers. Google reported its use against Dell RecoverPoint for Virtual Machines.

The group deployed Brickstorm variants across different platforms: the original targeting Windows and Linux systems, and a BSD variant for pfSense firewalls. This cross-platform capability makes detection and remediation harder.

  • Brickstorm: Advanced backdoor with proxying capabilities, evolved from Golang to Rust
  • Plenet: Previously undocumented malware deployed in this campaign
  • AgentPSD: Another new malware family discovered during the investigation

Security Community Response

Discussion on r/cybersecurity and HackerNews has focused on the difficulty of securing MSPs and the risks posed by edge devices like VPNs and firewalls. Defenders often have limited visibility into what runs on these devices, making them ideal hiding spots for persistent attackers.

Security professionals are particularly alarmed by the efficacy of living-off-the-land techniques. By using legitimate tools and blending with normal traffic, attackers like UNC5221 can evade endpoint detection and response solutions.

The challenge of evicting an actor that has established multiple independent persistence mechanisms across different layers of infrastructure is significant. Even after remediation, as this case shows, attackers with alternate footholds can return.


Logicity's Take

What Organizations Should Do

  1. Audit MSP access: Review what access your service providers have and whether it's still necessary
  2. Monitor edge devices: VPNs, firewalls, and storage systems need the same scrutiny as endpoints
  3. Implement network segmentation: Limit lateral movement if one system gets compromised
  4. Check for Brickstorm indicators: Review CISA and Google threat intelligence for detection guidance
  5. Test remediation completeness: Assume attackers have multiple persistence mechanisms

Frequently Asked Questions

What is UNC5221?

UNC5221, also known as VerdantBamboo, is a Chinese state-sponsored hacking group that has been active since at least 2023. They specialize in exploiting zero-day vulnerabilities in edge devices and maintaining long-term access to victim networks.

What is the Brickstorm backdoor?

Brickstorm is an advanced malware implant used by Chinese hackers. It has proxying features that let attackers route traffic through compromised systems. Variants exist for Windows, Linux, and BSD operating systems.

How did the attackers stay hidden for 18 months?

They compromised edge devices like storage sync systems and firewalls, then used stolen credentials and traffic proxying to blend in with legitimate network activity. This helped them evade Conditional Access policies and security monitoring.

Why are managed service providers targeted by state hackers?

MSPs have trusted access to multiple client networks. Compromising one MSP can give attackers a path into many organizations simultaneously, making it an efficient way to scale espionage operations.

What industries has UNC5221 targeted?

According to Google's reporting, the group has targeted legal services, software-as-a-service providers, business process outsourcers, and technology companies in the United States.


Manaal Khan

Tech & Innovation Writer
