The Virtualization Blind Spot: China's 17-Month Persistence Inside America's Infrastructure

For seventeen months, Chinese state-sponsored hackers had access to a U.S. organization's VMware vCenter server. The intrusion started in April 2024. It wasn't discovered until September 2025, and only then because CISA got involved. On Thursday, the agency published a joint advisory with NSA and Canadian cyber authorities laying out what BRICKSTORM, the backdoor that enabled all of this, actually does.

Hours later, CrowdStrike named a new threat actor: WARP PANDA. Same malware. Different victims. U.S. legal firms, technology companies, manufacturers, all targeted throughout 2025.

Why does this advisory hit harder than the usual government warnings? Because it shows exactly where enterprise security falls apart. Endpoint detection on workstations, network anomaly monitoring, email phishing scans, companies spend real money on all of it. Their virtualization layer? The infrastructure running VMware? That gets treated as plumbing. Set it up, leave it alone. Chinese operators figured this out and wrote malware specifically for that blind spot.

Eight samples. That's what CISA analyzed, pulled from different victim networks. In one case, CISA's own incident response team worked the breach. What they found: attackers inside two domain controllers, plus an Active Directory Federation Services server. The ADFS box is where the real damage happened. Cryptographic keys got extracted, the kind that control authentication across an entire organization. Nick Andersen, running CISA's cybersecurity division, declined to say which agencies or sectors were hit during a press call. The written advisory names government services and IT organizations as primary targets.

"State-sponsored actors are not just infiltrating networks," CISA Acting Director Madhu Gottumukkala said in the announcement. "They are embedding themselves to enable long-term access, disruption, and potential sabotage."

Potential sabotage. That's Volt Typhoon language. The Chinese collective that U.S. intelligence says has been pre-positioning inside critical infrastructure. Taiwan contingencies. Conflict preparation. Same vocabulary showing up in a malware advisory.

Quick Summary

• CISA documented Chinese hackers with 17-month VMware vCenter access; CrowdStrike named threat actor WARP PANDA behind 2025 attacks on U.S. firms

• BRICKSTORM self-repairs when deleted, disguises as legitimate processes, routes communications through trusted services like Cloudflare and Google

• Standard security monitoring misses the threat entirely because virtualization infrastructure lacks the scrutiny applied to workstations

• "Potential sabotage" language echoes Volt Typhoon warnings, suggesting pre-positioning for conflict scenarios beyond traditional espionage

The Hypervisor Problem

VMware's vSphere runs in data centers everywhere. Virtual machines for enterprise applications, created and managed through vCenter consoles. Organizations treat this as foundational. It should just work. Security teams point their attention at user-facing systems instead.

BRICKSTORM exploits this directly. The malware names itself after legitimate vCenter processes, things like updatemgr and vami-http that administrators see running all the time. Most endpoint detection software was built for workstations, not hypervisors. Different monitoring assumptions, different coverage gaps.

CrowdStrike's write-up on WARP PANDA describes "a high level of technical sophistication, advanced operations security skills, and extensive knowledge of cloud and virtual machine environments." In one of the intrusions they tracked, initial access dated to late 2023. Two years before anyone caught on.

Attack chains start at the perimeter. Internet-facing devices compromised first. Then lateral movement into vCenter, sometimes with stolen credentials, sometimes through vulnerability exploitation. Five CVEs appear across different intrusions: authentication bypass bugs in Ivanti Connect Secure VPN (CVE-2024-21887 and CVE-2023-46805), a heap-overflow in vCenter's DCERPC protocol (CVE-2024-38812), an authentication bypass in F5 BIG-IP (CVE-2023-46747), and a vCenter remote code execution flaw from 2021 (CVE-2021-22005) that apparently still works against some targets four years later.

Inside the environment, operators take their time. They spin up virtual machines that never get registered in vCenter's inventory, run operations from those hidden VMs, then shut them down. No record in the management console. CrowdStrike published a PowerShell script called VirtualGHOST to find these ghost machines, but using it means knowing to look.

Malware That Repairs Itself

Standard incident response assumes you can delete malware and move on. BRICKSTORM breaks that assumption.

On execution, the backdoor checks its environment and copies itself somewhere new: /usr/java/jre-vmware/bin/ in some samples, /opt/vmware/sbin/ in others. Then comes the PATH manipulation. The system's environment variable gets rewritten so that any command trying to invoke a legitimate VMware binary runs the malicious copy first. Administrator notices something wrong, deletes the suspicious file? A self-watching function detects the disruption. BRICKSTORM pulls a backup from /etc/sysconfig/ and reinstalls.

The init file gets modified too, the script controlling vSphere's boot sequence. Restart the server and BRICKSTORM loads with the operating system. Cleaning this requires hitting every copy location, every PATH modification, every init file change, all at once. Leave one piece and the self-repair kicks in.

Communications work the same way, redundancy built into every layer. Command-and-control domains resolve through DNS-over-HTTPS queries to public providers: Cloudflare's 1.1.1.1, Google's 8.8.8.8, Quad9's 9.9.9.9. Encrypted requests to services that every corporate network trusts. Nothing to flag.

The C2 servers themselves hide behind Cloudflare Workers and Heroku. Try blocking those and you break legitimate business applications. Attackers bet correctly that traffic to major cloud providers wouldn't get scrutinized.

Where Monitoring Fails

BRICKSTORM's secure channel uses encryption stacked on encryption. First comes an HTTPS connection to a legitimate cloud platform. That gets upgraded to WebSockets. Within the WebSocket tunnel, more TLS handshakes, the malware authenticating to C2 with a hardcoded key. Finally, multiplexing through smux or Yamux libraries so multiple command streams share one encrypted connection.

Packet inspection shows encrypted traffic to a cloud service. Normal. The malicious payload travels inside nested layers that network monitoring tools weren't designed to see.

CrowdStrike documented two tools absent from the government advisory entirely. One called Junction targets ESXi servers directly. It parks itself on port 8090, a port the legitimate VMware service vvold also uses, and handles communication with guest VMs through something called VM sockets, or VSOCK, a mechanism for hypervisor-to-VM traffic that bypasses the network stack. The second tool, GuestConduit, runs inside guest VMs themselves. Port 5555. It tunnels data between VMs and the hypervisor.

Put them together and traffic stays entirely within the virtualization layer. Nothing hits the external network where security tools might notice. The detection problem becomes architectural.

CrowdStrike watched WARP PANDA stage data for exfiltration "on numerous occasions," using 7-Zip to compress snapshots grabbed from live virtual machines. In one case, domain controller VMs got cloned so attackers could extract the Active Directory database offline. Every credential in the organization, captured in one operation.

Strategic Access, Not Quick Profit

Ransomware gangs cash out in days. These operators sat quietly for seventeen months in the documented case, possibly two years in others.

No sales on criminal forums. No cryptomining. According to CISA's advisory, the attackers went after email accounts belonging to employees who work on subjects aligned with Chinese government priorities. CrowdStrike found reconnaissance activity targeting an Asia-Pacific government, conducted from inside a compromised U.S. network, using victim infrastructure as a launchpad. Mandiant's September 2025 report tracked intrusions aimed at executive mailboxes, developer accounts, people working on matters tied to PRC economic and espionage interests.

Salt Typhoon inside telecom companies. Volt Typhoon across critical infrastructure. Now BRICKSTORM in virtualization environments. Different technical implementations, consistent strategic logic. Map systems that would matter in a crisis. Maintain access until needed.

F5's October 2025 breach disclosure fits the pattern. Attackers had been inside since 2023. F5 manages application delivery for hundreds of thousands of systems, government and private sector alike. Supply chain implications extend well beyond one compromised vendor.

Broadcom, which owns VMware, offered boilerplate: apply patches, follow hardening guides. Useful advice for organizations that haven't been breached. For everyone else, patches address future risk, not current compromise.

Detection Gaps

CISA published YARA and Sigma rules for scanning. YARA catches known file signatures, meaning it may miss variants. Sigma rules require vCenter logs flowing into a SIEM system, which isn't standard practice. Mandiant's September scanner requires filesystem access, presupposing you already suspect a problem.

The underlying issue is how security monitoring developed. Assumptions about where threats live, baked into tools and workflows over years, don't account for virtualization infrastructure. Hypervisors don't run endpoint agents. Cloud traffic doesn't get deep inspection. vSphere logs don't feed into security platforms.

Chinese operators surveyed these gaps and built malware to live in them. BRICKSTORM isn't sophisticated because it does anything novel. It's sophisticated because it goes where defenders aren't watching.

CISA recommends vSphere upgrades, configuration hardening, edge device inventories, DoH provider restrictions, service account lockdowns. All sensible. The agency's own incident response still found attackers with seventeen months of undetected access.

New signatures won't close this gap. More detection rules won't either. Virtualization infrastructure needs the same security attention that workstations get. Most security teams haven't gotten there yet. Some haven't even started the conversation.

Why This Matters

For infrastructure operators: Running VMware vSphere means carrying security debt that patch management alone can't address. Chinese operators refined their approach over years. Malware designed to reinstall itself defeats standard remediation playbooks.
For security teams: BRICKSTORM routes through legitimate cloud services and nests encryption inside encryption. Catching it requires watching places that current architectures largely ignore.
For policymakers: Seventeen-month dwell times and "potential sabotage" warnings echo the Volt Typhoon assessments. Pre-positioning for infrastructure disruption during a Taiwan crisis is no longer hypothetical.

❓ Frequently Asked Questions

Q: How can my organization check if it's been compromised by BRICKSTORM?

A: CISA released YARA and Sigma detection rules in their December 4 advisory. Mandiant published a dedicated scanner. CrowdStrike's VirtualGHOST tool finds hidden VMs. But these require vCenter logs feeding into SIEM systems, which most organizations haven't configured. Start by checking whether vSphere logs are being collected at all.

Q: What is VMware vCenter and why do attackers target it?

A: vCenter is the management console for VMware's virtualization platform. It controls all virtual machines in an organization's data center. Compromising vCenter gives attackers access to every VM, including domain controllers and critical servers. It also lets them create hidden "ghost" VMs that don't appear in normal inventory, making detection extremely difficult.

Q: Why can't regular antivirus or endpoint detection catch BRICKSTORM?

A: Most endpoint detection tools were designed for workstations, not hypervisors. BRICKSTORM runs on vCenter servers where these agents typically aren't deployed. The malware routes communications through legitimate services like Cloudflare and Google DNS-over-HTTPS, making traffic look normal. Its self-repair function means even if deleted, it reinstalls from backup locations.

Q: How does BRICKSTORM relate to Volt Typhoon and Salt Typhoon?

A: All three are Chinese state-sponsored campaigns targeting different infrastructure layers. Salt Typhoon hit U.S. telecom companies. Volt Typhoon embedded in water, energy, and transportation systems. BRICKSTORM targets virtualization environments. The common thread: long-term access for potential disruption during conflict, not immediate financial gain. CISA used "potential sabotage" language for all three.

Q: Which vulnerabilities does BRICKSTORM exploit?

A: Five CVEs appear across documented intrusions: CVE-2024-21887 and CVE-2023-46805 (Ivanti VPN authentication bypass), CVE-2024-38812 (vCenter heap overflow), CVE-2023-46747 (F5 BIG-IP bypass), and CVE-2021-22005 (a 2021 vCenter flaw still working four years later). Attackers also use stolen credentials, typically compromising internet-facing edge devices first before pivoting to vCenter.