Companies may be revealing the effects of a China-linked hacking campaign on their networks for the next two years, at least, Google warns.
On Wednesday, Google's Threat Intelligence Group said it is tracking backdoor malware known as Brickstorm, which intruders have used to maintain access to organizations and companies in the United States for 393 days on average. Mandiant, Google's cybersecurity consulting arm, has responded to these intrusions since March 2025.
The attacks target a variety of industries, with a special focus on legal services, software-as-a-service (SaaS) providers, business process outsourcers (BPOs), and technology companies. Evidence from Google's investigations indicates that the targeting of legal organizations is aimed at information related to US national security and international trade. SaaS providers are used as a gateway to reach their customers. Technology companies are targeted for their intellectual property, including source code, which can be analyzed to help identify other security vulnerabilities.
“The value of these targets extends beyond typical espionage missions, potentially providing data to feed the development of zero-days and establishing pivot points for broader access to downstream victims,” the report notes. A zero-day vulnerability is a security flaw in software or hardware that is unknown to its developers, leaving them “zero days” to fix it before attackers can exploit it.
This activity is mainly attributed to a group that Google tracks as UNC5221, along with other closely related China-linked groups.
The report says the intruders are able to stay undetected for long periods because they deploy Brickstorm on systems that cannot run the traditional endpoint detection and response (EDR) or antivirus software used on devices such as computers and smartphones.
Instead, they target network appliances such as routers, firewalls and email security gateways. They also target virtualization managers and hosts. According to the report, UNC5221 consistently targets VMware vCenter and ESXi hosts.
To help organizations detect the malware, Mandiant has released a free, lightweight scanner that looks for Brickstorm activity. It works “by searching for a combination of strings and hex patterns unique to the backdoor.”
Charles Carmakal, chief technology officer of Mandiant Consulting, told The Record that we should expect to hear about this cyber campaign for a long time.
“As more companies scan their systems, we expect to hear about this campaign for two to two years,” Carmakal said. “We have no doubt that companies will use this tool and find active or historical compromises.”
Carmakal also told Cybersecurity Dive that during this two-year period, “new things will appear” about the attacks, as more victims disclose breaches.