APT / THREAT GROUP
BRICKSTORM
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
According to Google, BRICKSTORM is used to consistently target appliances, among them primarily VMware vCenter and ESXi hosts.
Threat Analysis
BRICKSTORM is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning BRICKSTORM
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
The Hacker News · Jun 8, 2026
Chinese APT deploys new malware to keep access to hacked networks
BleepingComputer · Jun 5, 2026
vSphere and BRICKSTORM Malware: A Defender's Guide
Mandiant Blog · Apr 2, 2026
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
Mandiant Blog · Feb 17, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
BRICKSTORM, elf.brickstorm
External Intelligence
Malpedia: elf.brickstorm
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.