Threat Research

    From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

    During analysis of compromised Dell RecoverPoint for Virtual Machines systems, Identified BRICKSTORM binaries later replaced by GRIMBOLT in September 2025. GRIMBOLT is a C# foothold backdoor built with Native AOT compilation and packed using UPX....
    2/18/2026  0
    Read More »

    Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary

    WARP PANDA is a newly identified, highly advanced China-nexus threat actor targeting VMware vCenter and ESXi environments across U.S. organizations in 2025. The group demonstrates strong technical skill, exceptional OPSEC, and deep expertise in cloud and virtualized systems....
    12/8/2025  0
    Read More »

    BRICKSTORM Backdoor

    BRICKSTORM is an advanced backdoor targeting VMware vSphere, including vCenter servers and ESXi, as well as Windows systems. The actors specifically focused on compromising VMware vSphere platforms. After gaining access, they used the vCenter console to steal VM snapshots for credential harvesting and to create hidden rogue VMs....
    12/5/2025  0
    Read More »

    Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

    We are tracking BRICKSTORM malware, used to maintain long-term access to U.S. organizations. Since March 2025, Team Consulting has responded to intrusions in sectors like legal, SaaS, BPOs, and tech. The targets likely support zero-day development and serve as pivot points to broader victims....
    10/9/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.