WARP PANDA: China Nexus Targeting VMware vCenter and Cloud Hybrid Environments

CrowdStrike has named and profiled a previously unreported China‑nexus cyberespionage cluster it calls WARP PANDA, a highly capable group that has spent years quietly breaching and persisting inside U.S. hybrid‑cloud and VMware environments to harvest high‑value data for intelligence purposes.

Background

WARP PANDA emerged in CrowdStrike telemetry as a distinct activity cluster in 2025, although evidence shows operations stretching back to at least 2022 and initial access in some intrusions as early as late 2023. The group’s playbook centers on compromising internet‑facing edge devices, moving to virtualization management platforms—principally VMware vCenter and ESXi—and establishing long‑term, stealthy persistence to collect cloud and on‑premises data. CrowdStrike characterizes the actor as technically sophisticated, with advanced operational security (OPSEC) practices and a focus on long‑term intelligence collection consistent with PRC interests. Multiple U.S. and allied agencies have taken notice: national cybersecurity organizations have linked BRICKSTORM and related activity to state‑level espionage campaigns and issued joint advisories outlining the malware’s persistence and the risk to critical enterprise virtualization estates. These advisories underscore unusually long dwell times in some compromises—measured in many months—and call for prioritized hunting and patching of affected infrastructure.

Why this matters to WindowsForum readers

  • VMware vCenter and ESXi are ubiquitous in enterprise datacenters and private clouds; a compromise there provides a pathway to dozens or hundreds of guest VMs and their data.
  • Hybrid environments (Azure + on‑prem VMware) multiply the exposure surface: cloud tokens, SharePoint, OneDrive, Exchange, and on‑prem domain controllers are all high‑value targets.
  • The adversary’s use of Go‑based implants, session‑replay techniques, and MFA device registration demonstrates an evolution beyond commodity malware into tailored tooling that explicitly targets virtualization and cloud management planes.

Technical overview: what WARP PANDA does

Initial access and foothold

WARP PANDA typically obtains initial access by exploiting vulnerable, internet‑facing infrastructure—VPN appliances, BIG‑IP devices, and other edge systems—rather than relying solely on user‑level phishing. Known exploited CVEs include Ivanti Connect Secure VPN vulnerabilities (for example, CVE‑2024‑21887 and CVE‑2023‑46805), F5 BIG‑IP flaws (such as CVE‑2023‑46747), and multiple VMware vCenter vulnerabilities (CVE‑2024‑38812, CVE‑2023‑34048, CVE‑2021‑22005). These vulnerabilities have been used for authentication bypass and remote code execution to reach management consoles. Once inside, the adversary moves laterally toward virtualization management accounts—most notably the privileged vCenter service account vpxuser—and SSH access to ESXi hosts. Attackers have also been observed using SFTP for internal data movement and stealing credentials to accelerate privilege escalation.

Targeting hybrid clouds and Microsoft 365

Beyond VMware, WARP PANDA is cloud‑conscious: intrusions included access to Microsoft Azure tenants and Microsoft 365 services such as OneDrive, SharePoint, and Exchange. The adversary has been observed stealing browser session tokens—likely from compromised endpoints—and replaying those tokens to access cloud services, as well as enumerating assets through the Microsoft Graph API. In one intrusion CrowdStrike observed the adversary register a new MFA device to entrench persistence inside an Azure AD account.
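The two cloud-side behaviours described above, token replay and MFA device registration, both leave traces in Entra ID (Azure AD) sign-in and audit logs. The following is an added example, not CrowdStrike's or Microsoft's code, showing how a defender can triage such logs offline. The record fields, the session/MFA labels and the sample entries are a constructed simplification of the real sign-in and audit log schemas; the `mfa` values `prompted` and `claim-in-token` are assumed labels for "interactive MFA happened" versus "MFA requirement satisfied by an existing token".

```python
"""Entra ID sign-in/audit triage for two behaviours: a session token replayed
from a second address without a fresh MFA prompt, and an MFA security-info
registration from an address the user has never satisfied MFA from.
Added example (not vendor code); all records below are constructed."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sign-in records. "sessionId" ties sign-ins that share one browser
# session; "mfa" records whether the user was interactively prompted.
SIGNINS = [
    {"time": "2025-03-03T08:02:00Z", "user": "alice@example.com", "ip": "198.51.100.10",
     "sessionId": "s-1", "mfa": "prompted"},
    {"time": "2025-03-03T08:55:00Z", "user": "alice@example.com", "ip": "203.0.113.9",
     "sessionId": "s-1", "mfa": "claim-in-token"},
    {"time": "2025-03-03T09:10:00Z", "user": "bob@example.com", "ip": "198.51.100.11",
     "sessionId": "s-2", "mfa": "prompted"},
]
# Constructed audit records (assumed activity label for security-info changes).
MFA_REGISTRATION = "User registered security info"
AUDITS = [
    {"time": "2025-03-03T09:01:00Z", "user": "alice@example.com",
     "activity": MFA_REGISTRATION, "ip": "203.0.113.9"},
    {"time": "2025-03-03T09:12:00Z", "user": "bob@example.com",
     "activity": MFA_REGISTRATION, "ip": "198.51.100.11"},
]


def _ts(record):
    return datetime.strptime(record["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def replayed_sessions(signins, max_gap_minutes=240):
    """Same session ID used from more than one IP within max_gap_minutes, where the
    later sign-in did not go through an interactive MFA prompt. That pattern is what
    a replayed browser token looks like: the cookie moved, the user did not."""
    by_session = defaultdict(list)
    for s in signins:
        by_session[s["sessionId"]].append(s)
    hits = []
    for sid, entries in by_session.items():
        entries.sort(key=_ts)
        first = entries[0]
        for later in entries[1:]:
            gap = (_ts(later) - _ts(first)).total_seconds() / 60
            if later["ip"] != first["ip"] and later["mfa"] != "prompted" and gap <= max_gap_minutes:
                hits.append((sid, later["user"], first["ip"], later["ip"]))
    return hits


def mfa_registration_from_unfamiliar_ip(signins, audits):
    """Security-info registration from an IP the user never completed an MFA
    prompt from. A legitimate enrolment normally follows a prompted sign-in
    from the same place; an attacker entrenching a stolen session does not."""
    prompted_ips = defaultdict(set)
    for s in signins:
        if s["mfa"] == "prompted":
            prompted_ips[s["user"]].add(s["ip"])
    return [(a["user"], a["ip"], a["time"]) for a in audits
            if a["activity"] == MFA_REGISTRATION and a["ip"] not in prompted_ips[a["user"]]]


def triage(signins=SIGNINS, audits=AUDITS):
    return {
        "replayed_sessions": replayed_sessions(signins),
        "unfamiliar_mfa_registrations": mfa_registration_from_unfamiliar_ip(signins, audits),
    }


if __name__ == "__main__":
    for check, findings in triage().items():
        print(check, findings)
```

Against the constructed data, alice's session is flagged (same session, second IP, no prompt) and so is her registration from that second IP, while bob's enrolment from the address he was prompted at is not. Real investigations should also correlate these findings with the source device's EDR timeline, since the token theft itself happened on the endpoint, not in the cloud.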

Operational security and stealth

The group invests heavily in OPSEC. Noteworthy techniques include:
  • Clearing logs and altering file timestamps.
  • Creating malicious VMs that are intentionally left unregistered with vCenter before use, then shut down and removed to limit forensic traces.
  • Using implanted software to tunnel and proxy traffic through legitimate cloud and vCenter services to blend with normal operations.
  • Using archival utilities such as 7‑Zip to stage and compress data for exfiltration from both ESXi and Linux hypervisor guests.
These behaviors point to an adversary designed to stay long after the first breach—stealth, persistence, and exfiltration discipline are evident across multiple incidents.

Malware and toolset: BRICKSTORM, Junction, GuestConduit (deep dive)

WARP PANDA’s toolkit is notable for three custom implants—BRICKSTORM, Junction, and GuestConduit—plus the reuse of JSP web shells in some intrusions.

BRICKSTORM

BRICKSTORM is a Golang‑based backdoor implanted on vCenter servers that masquerades as legitimate vCenter server processes. Its capabilities include:
  • File browsing, download, and upload on compromised systems.
  • Tunnelling/proxying network traffic through the vCenter to other infrastructure.
  • Persistence mechanisms that survive reboots and file deletion (self‑monitoring/reinstall behavior).
  • Encrypted communications that use obfuscation layers such as DNS‑over‑HTTPS and public cloud storage for C2 (command‑and‑control) concealment.
BRICKSTORM is the primary persistence and tunnelling platform observed in several long‑running intrusions. CrowdStrike and allied agencies attribute prolonged undetected presence to BRICKSTORM’s resilience and stealthy communication patterns.

Junction

Junction targets VMware ESXi hosts and runs as a rogue HTTP server that can:
  • Execute arbitrary commands on the host.
  • Proxy and route network traffic.
  • Interact with guest VMs through VM sockets (VSOCK), enabling control paths that bypass traditional network monitoring.
Junction’s HTTP listening behavior and VSOCK interaction make it especially effective for bridging management plane access into guest systems.

GuestConduit

GuestConduit is a Golang implant designed to run inside guest VMs. Its key roles are:
  • Tunnelling traffic between guest VMs and the hypervisor layer.
  • Acting as a communication relay that can receive and dispatch JSON‑formatted commands.
  • Cooperating with Junction and BRICKSTORM to create multi‑layer tunnels spanning vCenter, ESXi, and guest VMs.
Together, these three implants create a modular toolchain that moves and hides traffic through the very infrastructure designed to orchestrate virtual machines. The modularity allows attackers to craft stealthy, multipath communication channels that look like internal virtualization operations.

Vulnerability exploitation — the attack surface explained

The set of CVEs associated with WARP PANDA intrusions highlights common enterprise weaknesses:
  • CVE‑2024‑21887 and CVE‑2023‑46805 — Ivanti Connect Secure VPN appliances: authentication bypass enables arbitrary commands on edge appliances.
  • CVE‑2023‑46747 — F5 BIG‑IP authentication bypass: widely deployed load balancers and ADCs provide high‑value initial access when unpatched.
  • CVE‑2024‑38812, CVE‑2023‑34048, CVE‑2021‑22005 — VMware vCenter/DCERPC and vCenter server RCEs: these allow attackers to run code on the management plane that governs VMs and snapshots.
Exploiting these weaknesses allows attackers to pivot quickly to vCenter and ESXi, where the blast radius grows dramatically—domain controllers, source code repositories, incident response artifacts, and employee mailboxes can be reached from the hypervisor and management layers. Multiple vendors and U.S. agencies have urged patching and configuration hardening of these systems.

Attack lifecycle and illustrative behaviours

  • Reconnaissance against internet‑facing appliances and management consoles.
  • Exploit edge device (Ivanti/F5) CVE or leverage stolen credentials to obtain foothold.
  • Pivot to vCenter using valid credentials or vCenter RCEs.
  • Deploy BRICKSTORM on vCenter and Junction/GuestConduit on ESXi/guests.
  • Clone or snapshot domain controller VMs for offline analysis (e.g., to extract NTDS.dit).
  • Harvest cloud tokens, replay sessions, and access Microsoft 365 data (OneDrive, SharePoint, Exchange).
  • Stage and compress data (7‑Zip), then exfiltrate via tunneled channels mimicking normal management traffic.
  • Maintain persistence by registering MFA devices, creating backdoored VMs, and employing self‑repair mechanisms.

Detection challenges and forensic markers

WARP PANDA’s emphasis on blending into management plane traffic and using virtualization APIs makes detection difficult with traditional host‑based telemetry alone. Effective detection requires:
  • Monitoring vCenter API calls and administrative events for unsanctioned snapshot/clone activity and for VM creations that are never reconciled.
  • Watching for VSOCK communications and unexpected HTTP servers running on ESXi hosts.
  • Tracking anomalous use of vpxuser or other privileged service accounts, and auditing for MFA device registrations and OAuth/Microsoft Graph API queries.
  • Network monitoring for outbound connections that mimic cloud services (e.g., DNS‑over‑HTTPS to uncommon endpoints, or unexpected use of public cloud storage buckets).
Caveat: Some behavioral indicators—like session token replay—are inherently transient and may be unavailable unless timely endpoint or browser artifacts were collected. Investigators must prioritize volatile memory and browser storage collection during incident response.
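The vCenter-side indicators listed above (unsanctioned snapshot/clone activity, VMs that never get reconciled with vCenter, and misuse of vpxuser) can be checked offline against exported events and host inventories. The following is an added example, not CrowdStrike's or VMware's code. Its JSON-lines event shape and the event names are a constructed simplification of vCenter's event types (`VmClonedEvent`, `VmRemovedEvent` and `UserLoginSessionEvent` exist in vSphere; `VmSnapshotCreated` is an assumed label), and the host and vCenter inventories are constructed lists standing in for what `vim-cmd vmsvc/getallvms` on each ESXi host and the vCenter inventory would return.

```python
"""vCenter event triage for four behaviours: unsanctioned snapshot/clone of
sensitive VMs, VMs an ESXi host knows about that vCenter never registered,
short-lived VMs, and vpxuser used from anywhere other than vCenter itself.
Added example (not vendor code); all records below are constructed."""
import json
from datetime import datetime, timezone

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = """\
{"time": "2025-03-02T01:12:09Z", "type": "UserLoginSessionEvent", "user": "svc-backup@vsphere.local", "ip": "10.10.0.15"}
{"time": "2025-03-02T01:13:40Z", "type": "VmSnapshotCreated", "user": "svc-backup@vsphere.local", "vm": "dc01"}
{"time": "2025-03-02T02:05:11Z", "type": "UserLoginSessionEvent", "user": "vpxuser", "ip": "10.10.0.5"}
{"time": "2025-03-02T02:06:30Z", "type": "UserLoginSessionEvent", "user": "vpxuser", "ip": "203.0.113.77"}
{"time": "2025-03-02T02:07:02Z", "type": "VmClonedEvent", "user": "vpxuser", "vm": "dc01", "clone": "dc01-tmp"}
{"time": "2025-03-02T02:41:55Z", "type": "VmRemovedEvent", "user": "vpxuser", "vm": "dc01-tmp"}
"""
# Constructed inventories: what each ESXi host reports vs. what vCenter knows.
HOST_INVENTORY = {"esx01": ["dc01", "app01", "maint-7f2"], "esx02": ["app02"]}
VCENTER_INVENTORY = {"dc01", "app01", "app02"}
SENSITIVE_VMS = {"dc01", "dc02"}                        # domain controllers
APPROVED_COPY_OPERATORS = {"svc-backup@vsphere.local"}  # allowed to snapshot/clone them
VCENTER_IPS = {"10.10.0.5"}                             # only legitimate source of vpxuser
COPY_EVENTS = {"VmClonedEvent", "VmSnapshotCreated"}


def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def unsanctioned_copies(events, sensitive_vms, approved_users):
    """Snapshot or clone of a sensitive VM by anyone outside the approved operators."""
    return [f'{e["time"]} {e["type"]} of {e["vm"]} by {e["user"]}' for e in events
            if e["type"] in COPY_EVENTS and e.get("vm") in sensitive_vms
            and e["user"] not in approved_users]


def rogue_vpxuser_logins(events, vcenter_ips):
    """vpxuser is the account vCenter uses to manage ESXi hosts; a login with it
    from any other source address means someone else holds its credentials."""
    return [f'{e["time"]} vpxuser login from {e["ip"]}' for e in events
            if e["type"] == "UserLoginSessionEvent" and e["user"] == "vpxuser"
            and e["ip"] not in vcenter_ips]


def unregistered_vms(host_inventory, vcenter_inventory):
    """VMs present on a host but absent from vCenter, per host (empty hosts omitted)."""
    result = {}
    for host, vms in host_inventory.items():
        missing = sorted(set(vms) - vcenter_inventory)
        if missing:
            result[host] = missing
    return result


def short_lived_vms(events, max_minutes=24 * 60):
    """VMs created or cloned and then removed within max_minutes, with their lifetime."""
    created = {}
    for e in events:
        if e["type"] == "VmClonedEvent":
            created[e["clone"]] = _ts(e)
        elif e["type"] == "VmCreatedEvent":
            created[e["vm"]] = _ts(e)
    hits = []
    for e in events:
        if e["type"] == "VmRemovedEvent" and e["vm"] in created:
            minutes = (_ts(e) - created[e["vm"]]).total_seconds() / 60
            if minutes <= max_minutes:
                hits.append((e["vm"], round(minutes, 1)))
    return hits


def triage_sample():
    events = parse_events(SAMPLE_EVENTS)
    return {
        "unsanctioned_copies": unsanctioned_copies(events, SENSITIVE_VMS, APPROVED_COPY_OPERATORS),
        "rogue_vpxuser_logins": rogue_vpxuser_logins(events, VCENTER_IPS),
        "unregistered_vms": unregistered_vms(HOST_INVENTORY, VCENTER_INVENTORY),
        "short_lived_vms": short_lived_vms(events),
    }


if __name__ == "__main__":
    for check, findings in triage_sample().items():
        print(check, findings)
```

The inventory diff is the piece most teams lack: a VM registered only on the host never produces a vCenter event, so it is only visible when host-side and vCenter-side inventories are compared. Run that comparison from a collector that queries each host directly, not through the possibly compromised vCenter.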

Recommended mitigations and step‑by‑step response (practical guidance)

Organizations should prioritize a mix of immediate tactical actions and longer‑term architectural hardening.
  • Immediate triage and containment:
      • Inventory and isolate internet‑facing appliances (Ivanti, F5 BIG‑IP) and apply vendor patches or mitigations.
      • Check for known indicators in vCenter logs—look for unsanctioned VM snapshots, clones, or unregistered VM activity.
      • Disable or tightly restrict SSH access to ESXi hosts; require jump hosts and strong MFA for management access.
  • Eradication and recovery:
      • If vCenter or ESXi are compromised, treat them as fully untrusted: rebuild from known‑good images, rotate crypto keys and service account passwords, and validate the integrity of backups.
      • Re‑issue/revoke Azure/Microsoft 365 credentials where session tokens or MFA anomalies are observed, and review Azure AD audit logs for Graph API and MFA enrollment activity.
  • Longer‑term controls:
      • Enforce least privilege on service accounts (including vpxuser) and restrict vCenter administrative roles.
      • Segment management networks: isolate vCenter/ESXi management traffic from the general corporate LAN and restrict outbound access from the management plane.
      • Deploy monitoring that understands virtualization constructs (vCenter API call auditing, ESXi host process monitoring, VSOCK visibility).
      • Harden endpoints and servers to prevent browser token theft: endpoint detection and response (EDR), secure browser policies, and controlled extension use.
  • Hunting and intelligence:
      • Proactively hunt for BRICKSTORM/Junction/GuestConduit indicators where possible and seek assistance when persistent implants are suspected.
      • Share anonymized telemetry with trusted vendors and peers to improve detection signatures and community defense.
These steps reflect best practices recommended by industry responders and national cybersecurity advisories; prompt patching of the enumerated CVEs and targeted hunting in virtualization management planes should be high priorities.

Industry reaction and vendor responsibilities

Major vendors and cloud providers have issued guidance or statements in response to the disclosures. VMware and Broadcom (which owns VMware’s vSphere business) have emphasized customer responsibility for patching and hardening, while security firms released detailed telemetry and recommended configuration changes. Practically, this means enterprise defenders cannot rely solely on vendor patches; they must actively inventory assets, apply recommended hardening guidance, and monitor management plane telemetry. Security vendors are also adapting: endpoint and cloud security products are extending detection coverage into virtualization layers and offering specialized rulesets for vCenter/ESXi visibility. Organizations should validate that their security stacks include visibility into hypervisor and cloud API activity—not just guest OS telemetry.

Attribution and geopolitical context — what is confidently known (and what is not)

  • Confident, multi‑source findings: WARP PANDA has used BRICKSTORM and related implants to maintain persistent access to VMware vCenter/ESXi and to access Microsoft 365 resources; multiple independent vendor and national advisories corroborate long dwell times and targeted sectors.
  • Attribution assessment: CrowdStrike and several national agencies assess the activity is consistent with intelligence collection aligned to the People’s Republic of China; CrowdStrike characterizes the attribution with moderate confidence based on technical sophistication, targeting patterns, and long‑term resource investment. This kind of attribution is standard in threat intelligence but should be read with the usual caveats—technical similarity and targeting patterns support attribution hypotheses but rarely constitute absolute proof by themselves.
  • Unverifiable claims: Specific operational aims beyond general intelligence collection (e.g., whether clones were used to mount sabotage or only for credential harvesting) are not publicly verifiable from available telemetry. Where public reports paraphrase classified or sensitive incident details, those elements should be treated as provisional until fully declassified by agencies. Flagging such details with caution is prudent.

Strategic implications for enterprises and governments

WARP PANDA illustrates a broader shift in sophisticated adversary behavior:
  • The management plane (vCenter, cloud APIs) is a high‑value target; when compromised, it provides access far beyond a single host or VM.
  • Hybrid architectures expand attacker options: stolen session tokens and Microsoft Graph API access show how cloud and on‑prem environments are being stitched together by adversaries to deepen persistence.
  • The tooling—Golang implants, VSOCK exploitation, and MFA enrollment abuse—reflects investment in long‑term intelligence programs rather than short‑term financial gain. Defenders must prepare for patient adversaries that anticipate patch cycles and aim to remain for years.
For national defenders, the joint government advisories and vendor coordination represent an appropriate escalation: sharing detection techniques, CVE mitigation guidance, and coordinated disclosure helps reduce windows of exposure and shortens adversary dwell times. However, the persistent nature of these intrusions underscores the need for continuous investment in detection capability and cross‑sector information sharing.

What security teams should do this week

  • Immediately verify patch status for:
      • Ivanti Connect Secure VPN appliances (CVE list and vendor mitigations).
      • F5 BIG‑IP devices and any exposed management interfaces.
      • VMware vCenter and ESXi servers (apply latest vSphere patches and hardening guidance).
  • Audit vCenter for:
      • Unregistered VM activity, unexpected clones/snapshots, and unsanctioned VM creations.
      • Unexpected service account logins (vpxuser) and new privileged role assignments.
  • Hunt for behavioral traces:
      • VSOCK traffic patterns, HTTP servers on ESXi, DNS‑over‑HTTPS connections from vCenter hosts, and anomalous Microsoft Graph queries.
  • Rotate credentials and revoke/redesign OAuth/MFA artifacts where session token theft is suspected.
  • Coordinate with national CERT/CISA and trusted vendors if you find evidence—these agencies can provide playbooks and, in some cases, active assistance.

Conclusion

WARP PANDA is a reminder that the virtualization management plane and hybrid cloud control surfaces are prime targets for patient, well‑resourced adversaries. The group’s use of BRICKSTORM, Junction, and GuestConduit shows deliberate investment in specialized tooling that leverages vCenter/ESXi primitives to tunnel, persist, and exfiltrate while minimizing forensic footprints. Enterprises that operate VMware and Azure alongside Microsoft 365 must treat hypervisor management and cloud API security as first‑order security problems—patch quickly, segment management networks, monitor the vCenter API, and hunt for the subtle behavioral signals of long‑term intrusion. Caveat: while multiple independent vendors and government entities have corroborated many technical details, specific operational motives beyond broad intelligence collection remain inferred rather than exhaustively proven in public reporting; where attribution or motive is asserted with less than definitive evidence, those points are flagged as assessed with moderate confidence. Organizations should treat this advisory‑level intelligence as actionable: inventory, patch, segment, and hunt now—the management plane will likely remain a prime target for the near and medium term.

Source: SecurityBrief Asia https://securitybrief.asia/story/warp-panda-cyberespionage-group-targets-us-cloud-networks/