VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

Monday, June 8, 2026 at 10:27 AM UTC·Source: The Hacker News

Updated: Monday, June 8, 2026 at 11:00 AM UTC

Executive Summary

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),

Analysis

Source Attribution

Originally published by The Hacker News on Jun 8, 2026.

Related Threats

CRITICALApt

Attackers exploiting unpatched Cisco SD-WAN flaw

Cisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has been targeted by hackers multiple times in the past. Located in the command-line interface, the flaw allows authenticated attackers to escalate privileges to root and take over the entire system. The vulnerability, tracked as CVE-2026-20245, is rat

CVE-2026-20245CVE-2026-20127

8h agoCSO Online

MEDIUMApt

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]

3d agoBleepingComputer

MEDIUMApt

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China. "OP-512 was highly likely conducting espionage through a

3d agoThe Hacker News