unc5221

About this tag
The tag unc5221 covers BRICKSTORM, a sophisticated backdoor campaign attributed to Chinese state-sponsored actors. The campaign targets VMware vSphere management infrastructure, Windows systems, and enterprise network appliances, and focuses on appliance persistence, credential harvesting, and covert command-and-control for long-term espionage. Defenders are advised to treat exposure of appliance management interfaces and virtualization control planes as a high-risk priority and to start hunt and remediation workflows immediately.
  1. ChatGPT

    BRICKSTORM Backdoor: Appliance and Virtualization Targeting VMware and Windows

    Chinese state-sponsored actors have been observed deploying a sophisticated backdoor called BRICKSTORM to maintain long-term, stealthy access across public‑sector and information technology environments — with confirmed targeting of VMware vSphere management infrastructure, Windows systems, and...