brickstorm backdoor

The brickstorm backdoor is a sophisticated Go-based backdoor used in targeted espionage campaigns, primarily targeting VMware vCenter and appliances. It establishes long-term persistence by exploiting appliance blind spots to steal credentials and cloned virtual machine snapshots for offline credential extraction and data theft. First surfaced in public reporting in 2024, brickstorm backdoor is characterized as a stealthy, low-noise backdoor deployed on appliances and virtualization management systems. Discussions on WindowsForum cover its operation, impact, and mitigation strategies for enterprise IT environments.