A Chinese espionage group known as UNC5221 has infiltrated Microsoft 365 systems using a backdoor called Brickstorm, along with two previously unknown malicious programs: Plenet and AgentPSD.
According to the investigation, the attackers maintained a presence within the target network for a minimum of 18 months before anyone noticed. They also managed to breach the organization’s managed services provider (MSP).
This group is also referred to as VerdantBamboo and has been active since at least 2023, exploiting previously unknown (zero-day) vulnerabilities in edge devices.

The Brickstorm backdoor went undetected within the networks of various U.S.-based targets for over a year until the breaches were finally uncovered around March 2025.
Experts describe Brickstorm as “an advanced malware implant.” Its early versions were written in Golang, with later iterations switching to Rust.
In April 2024, Google first documented UNC5221’s use of the backdoor. Then, in September 2025, Google reported further attacks targeting legal firms, SaaS providers, business process outsourcing companies, and tech organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about Brickstorm being deployed by Chinese threat actors against VMware vSphere servers. More recently, Google reported its use by another group, UNC6201, targeting Dell RecoverPoint for Virtual Machines.
Victim compromised twice
Volexity researchers investigating an incident from last year found that VerdantBamboo had compromised an Egnyte Storage Sync system and periodically accessed it through the victim’s web-based SSL VPN.
From this initial entry point, and by leveraging Brickstorm’s proxying capabilities along with stolen credentials, the attackers accessed the organization’s Microsoft 365 environment.
“Volexity believes with high confidence that this approach was intended to blend in with normal network traffic and bypass Conditional Access policies that would have otherwise blocked access,” the researchers explained.
Further investigation revealed that hackers had remained within the network for at least 18 months before detection. Even more concerning, VerdantBamboo breached the organization again after the initial remediation was completed.
During the second intrusion, attackers used stolen credentials to enable and configure SSL VPN access on the victim’s firewall. They then connected to internal systems and installed additional custom malware on a Synology NAS device.
This prompted an investigation at the customer’s MSP, where Volexity discovered that VerdantBamboo had installed a BSD version of Brickstorm on a pfSense firewall.
“Volexity concluded that this firewall, like the victim’s Storage Sync system, had also been compromised at least 18 months earlier.”
Researchers have medium confidence that the attacker moved laterally from the MSP into the victim’s organization.
Brickstorm was subsequently deployed to the victim’s Egnyte Storage Sync appliance and to a retired Linux GroupWise email archive server.
New backdoors deployed
When the attackers returned a few days later and regained access to the victim’s infrastructure, they deployed a custom malware called Plenet to a Synology NAS appliance.
Plenet, referred to as “Grimbolt” by Google, is a cross-platform .NET-based backdoor that provides interactive shell access, remote command execution, file manipulation, and command-and-control (C2) server switching capabilities.
The researchers note that Plenet shares a similar architecture with Brickstorm, utilizing the WebSocket protocol for C2 communications and a multiplexing library to handle multiple simultaneous data streams to the server.
AgentPSD is a straightforward Python-based reverse shell tool. Volexity believes VerdantBamboo used it as a fallback persistence tool in case their other malware became inaccessible.
Investigators found that AgentPSD was configured to connect to a different domain than the one used by Brickstorm. However, the tool was never activated since Brickstorm remained operational, supporting the assessment that AgentPSD served only as a secondary access method.
During the investigation, Volexity attempted to map the infrastructure associated with VerdantBamboo. The team developed a fingerprint to identify the IP addresses and domains Brickstorm used for C2 communication.
Although several machines were identified, the threat actor shut down the infrastructure before researchers could uncover additional systems.
“Between September 18 and September 23, all servers previously matching this pattern stopped their services on port 443.”
Around the same time, Google published a new report on Brickstorm activity, suggesting that the attacker may have been aware their actions were under scrutiny.
Volexity characterizes VerdantBamboo/UNC5221 as “a highly sophisticated threat actor” that combines living-off-the-land techniques with custom malware, specifically targeting systems that lack endpoint detection and response (EDR) capabilities.
The researchers have compiled a list of indicators of compromise (IOCs) linked to the UNC5221 campaign under investigation, which are available here.
