BRICKSTORM Backdoor Analysis: A Persistent Espionage Threat To European Industries (QCTR 2025/Q1)
Author: Centre for Cybersecurity Belgium
Uploaded: 2025-05-04
Views: 480
🔹 Michel Coene and Maxime Thiebaut from NVISO deliver an in-depth technical analysis of BRICKSTORM, a backdoor tied to the China-linked threat cluster UNC5221. In this session, they unveil new findings about two Windows-targeting BRICKSTORM samples (marking a shift from its earlier appearance on Linux systems). The talk walks through BRICKSTORM’s capabilities, infrastructure, and communication protocols. It concludes with practical threat hunting and mitigation tips to help defenders detect and counter this persistent threat.
"QCTR" you say?
The QCTR (Quarterly Cyber Threat Report) event is a must-attend gathering for cybersecurity professionals, bringing together global experts to share cutting-edge insights on the latest cyber threats. After a two-year break, this year’s edition featured two hours of compelling talks, real-world threat analysis, and actionable strategies, all designed to help you stay ahead in an ever-evolving digital landscape.
🎥 This video is a recording from the QCTR event for Q1, hosted by the Centre for Cybersecurity Belgium (CCB) on April 25, 2025.
👇 Timestamps below for easy navigation.
==============================
Links mentioned in the video
==============================
Subscribe to our future events via https://events.zoom.us/eo/AhgwS4H5MFg...
Read the full report by NVISO: https://www.nviso.eu/blog/nviso-analy...
==============================
Timecodes
==============================
00:00 - Introduction
02:02 - What is BRICKSTORM
03:25 - Attribution
04:40 - What can BRICKSTORM do?
06:57 - Interactive demo of BRICKSTORM
08:25 - Protocol
10:35 - Infrastructure
13:27 - Some key takeaways
18:32 - Q&A: BRICKSTORM hiding in BIOS?