US, Canada Warn: China-Linked Hackers Used 'Brickstorm' Malware for Long-Term Access
US-Canada Alert: China-Linked Hackers Target Govt, IT with Malware

In a significant joint cybersecurity alert, agencies from the United States and Canada have warned that hackers with links to China have successfully penetrated sensitive government and information technology networks, using sophisticated malware to maintain persistent, long-term access.

Joint Advisory Details Chinese-Linked Cyber Threat

The advisory was formally issued by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security. According to Madhu Gottumukkala, the acting director of CISA, these operations are focused on "infiltrating sensitive networks and embedding themselves to enable long-term access, disruption, and potential sabotage."

'Brickstorm' Malware: The Tool for Persistent Access

The agencies identified the specific malware used in these attacks as "Brickstorm." This state-backed tool was deployed to target multiple government services and IT entities. Once inside a victim's network, the hackers used it to steal login credentials and other sensitive data, giving them the potential for full control of the compromised computers.

The threat is characterized by its persistence. The advisory highlighted one instance where attackers used Brickstorm to breach a company in April 2024 and maintained their access through at least September 3, 2025. The advisory's analysis is based on eight Brickstorm samples collected from targeted organisations. However, CISA executive assistant director Nick Andersen declined to specify the total number of government bodies targeted or the complete scope of the hackers' activities within the networks.

Broadcom's VMware in the Crosshairs

The hackers are reportedly focusing their efforts on VMware vSphere, a product sold by Broadcom's VMware that is widely used to create and manage virtual machines within corporate and government networks. In response to the reports, a Broadcom spokesperson urged all customers to apply the latest software security patches and follow strong operational security practices.

China's Firm Denial of Allegations

The Chinese embassy in Washington swiftly rejected the allegations. Spokesperson Liu Pengyu stated that the Chinese government "does not encourage, support or connive at cyber attacks." He added that China rejects what he called the "irresponsible assertion" from the agencies, noting that they had neither presented factual evidence nor made any formal request related to the issue.

This joint advisory underscores the escalating concerns among Western allies about sophisticated, state-aligned cyber espionage campaigns aimed at critical infrastructure and government systems, with the intent of establishing a lasting foothold for future disruptive actions.