Press Release | Dec. 4, 2025

NSA Joins CISA to Release Guidance on Detecting BRICKSTORM Backdoor Activity

FORT MEADE, Md. – The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and the Canadian Centre for Cyber Security to detail the broad campaign of China state-sponsored cyber actors using the BRICKSTORM malware for long-term persistence on victim systems.  

BRICKSTORM malware is a sophisticated backdoor that provides capabilities for secure command and control, remote system control, and long-term persistence.

Organizations—especially those within critical infrastructure, government services and facilities, and the Information Technology sector—are encouraged to use the indicators of compromise (IOCs) and detection signatures outlined in the report to detect BRICKSTORM backdoor activity. If BRICKSTORM, similar malware, or potentially related activity is detected, promptly report the compromise.

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations
MediaRelations@nsa.gov
443-634-0721