"Volexity assesses with high confidence that this was done to blend in with legitimate network traffic and evade Conditional Access policies that would have otherwise prevented access," the researchers wrote — a concise summary of how a Chinese-linked espionage group maintained long-term access inside U.S. environments.
UNC5221 / VerdantBamboo: long dwell, repeated access
Volexity's investigation into a breach last year attributes the intrusions to UNC5221, also tracked as VerdantBamboo. Researchers found the threat actor had been present on the victim network for at least 18 months before detection, and that Brickstorm, a backdoor described as "an advanced malware implant," was used undetected in environments of various U.S. targets for more than a year until breaches were discovered around March 2025.
The intrusions included a second compromise after Volexity completed remediation work: the adversary returned a few days later, re-established access, and deployed additional custom malware. That sequence — long dwell followed by a rapid re-entry — was central to Volexity's assessment of VerdantBamboo as "a highly sophisticated threat actor."
How Brickstorm was used and how it evolved
Brickstorm served as a primary persistence and proxying tool in the campaign. Initial variants were written in Golang; later variants appeared written in Rust. Volexity observed Brickstorm proxying and the use of stolen credentials to access a target's Microsoft 365 environment. The researchers explicitly tied that technique to an operational goal: to "blend in with legitimate network traffic and evade Conditional Access policies."
Public advisories have also flagged Brickstorm against enterprise infrastructure: CISA warned of Brickstorm being deployed against VMware vSphere servers, and Google reported Brickstorm's deployment by another tracked actor, UNC6201, against Dell RecoverPoint for Virtual Machines. Google documented UNC5221 activity using Brickstorm in April 2024 and again in September 2025.
Compromise chain: MSPs, appliances, and credential pivoting
Volexity's timeline traces the initial foothold to an Egnyte Storage Sync system accessed periodically via the victim's web SSL VPN. From that foothold, proxying and stolen credentials enabled access to Microsoft 365. Later, the attacker used stolen credentials to enable and configure SSL VPN access on the victim’s firewall and connected to internal systems.
The investigation extended to the customer's managed services provider (MSP). Volexity discovered a BSD variant of Brickstorm on a pfSense firewall at the MSP and concluded that the firewall, like the victim organization’s Storage Sync system, had been compromised at least 18 months earlier. The researchers assigned medium confidence to the assessment that the attacker pivoted from the MSP into the victim organization's environment.
Plenet (Grimbolt) and AgentPSD: additional access tools
When VerdantBamboo returned a few days after initial remediation, it deployed Plenet to a Synology NAS appliance. Plenet — also tracked as "Grimbolt" by Google — is a cross-platform .NET-based backdoor offering interactive shell access, remote command execution, file manipulation, and command-and-control (C2) server switching. Volexity noted Plenet's design resembled Brickstorm, using the WebSocket protocol for C2 communications and a multiplexing library for simultaneous data streams.
Volexity also uncovered AgentPSD, a simple Python-based reverse shell the researchers believe was intended as a fallback persistence mechanism. AgentPSD was configured to connect to a different domain than Brickstorm's C2, but it was never used because Brickstorm remained operational — supporting the assessment that AgentPSD was secondary access rather than primary.
What this means for security teams, MSPs, and software/platform owners
- Security teams and technologists: the campaign shows how proxying plus stolen credentials can defeat Conditional Access controls and that Brickstorm variants exist in multiple languages (Golang, Rust). Teams should note Volexity's observation that VerdantBamboo targets systems that do not support endpoint detection and response (EDR) solutions.
- Managed service providers and their clients: Volexity found compromise of an MSP's pfSense firewall and the possibility that the attacker pivoted from the MSP into the customer environment. That sequence underscores the risk posed when MSP infrastructure and customer systems share administrative paths or legacy appliances.
- Software and appliance vendors (Egnyte, Synology, firewall vendors): the campaign involved an Egnyte Storage Sync appliance, a Synology NAS, and a retired Linux GroupWise email archive server. Observations about Brickstorm being deployed against vSphere and RecoverPoint for Virtual Machines indicate the actor targets a diversity of platforms and appliances.
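The compromise chain above hinges on appliances that cannot run EDR (a Storage Sync system, a NAS, a firewall) being used as proxies so that Microsoft 365 logins and C2 traffic appear to originate from inside the network. One compensating control is network-side: appliances have a narrow, predictable set of egress destinations and should never act as a client of the cloud identity service. The script below is an added example, not Volexity's tooling or anything from the report; the log format, the asset inventory, the hostnames, the IP addresses and the allowlists are all constructed for illustration. It flags (rule A) any inventoried appliance that connects to an Entra ID / Microsoft 365 sign-in endpoint, which is what proxied, credential-based cloud access through a compromised appliance would look like at the egress point, and (rule B) any appliance making a TLS connection to a destination outside its expected allowlist, which is where a WebSocket-over-443 C2 channel such as the one described for Plenet would surface.

```python
"""Egress-log review for appliances used as login proxies or C2 beacons.

Added example; not from Volexity's report.  Log lines, hosts, IPs and
allowlists are constructed.  Real firewalls have their own log formats,
so LOG_RE would need adapting.
"""
import re
from collections import defaultdict

# Constructed inventory of appliances that cannot run EDR and should not
# originate user-style cloud sign-ins.  Names and addresses are hypothetical.
APPLIANCES = {
    "10.20.0.15": "egnyte-storagesync-01",
    "10.20.0.40": "synology-nas-01",
    "10.20.0.250": "pfsense-edge-01",
}

# Hostnames on the Entra ID / Microsoft 365 sign-in path.  Seeing an
# appliance talk to these is rule A: a login is being proxied through it.
IDENTITY_DOMAINS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "device.login.microsoftonline.com",
}

# Constructed per-appliance egress allowlist (vendor update/sync hosts).
# Any other TLS destination from an appliance is rule B.
ALLOWED_EGRESS = {
    "egnyte-storagesync-01": {"sync.egnyte.example"},
    "synology-nas-01": {"update.synology.example"},
    "pfsense-edge-01": {"pkg.pfsense.example"},
}

# Constructed log format: one allowed/denied TLS flow per line with the SNI.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) "
    r"sni=(?P<sni>\S+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def analyze(lines):
    """Return a list of findings for allowed flows that originate from an
    inventoried appliance and either hit an identity endpoint (rule A) or
    leave the appliance's allowlist on 443 (rule B)."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow":
            continue  # skip malformed lines and flows the firewall already blocked
        host = APPLIANCES.get(rec["src"])
        if host is None:
            continue  # workstations and users are expected to sign in to M365
        if rec["sni"] in IDENTITY_DOMAINS:
            findings.append({"rule": "A", "host": host, "dst": rec["sni"], "ts": rec["ts"]})
        elif rec["dport"] == 443 and rec["sni"] not in ALLOWED_EGRESS.get(host, set()):
            findings.append({"rule": "B", "host": host, "dst": rec["sni"], "ts": rec["ts"]})
    return findings


def summarize(findings):
    """Collapse findings to {appliance: sorted list of rules triggered}."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["rule"])
    return {h: sorted(r) for h, r in by_host.items()}


# Constructed sample flows (TEST-NET addresses; nothing here is a real IoC).
SAMPLE_LOGS = [
    "2025-03-01T08:00:01Z src=10.20.1.77 dst=192.0.2.10 dport=443 sni=login.microsoftonline.com action=allow",
    "2025-03-01T08:00:05Z src=10.20.0.15 dst=192.0.2.10 dport=443 sni=login.microsoftonline.com action=allow",
    "2025-03-01T08:01:10Z src=10.20.0.15 dst=203.0.113.9 dport=443 sni=sync.egnyte.example action=allow",
    "2025-03-01T08:02:30Z src=10.20.0.40 dst=198.51.100.23 dport=443 sni=cdn-updates.example action=allow",
    "2025-03-01T08:03:00Z src=10.20.0.250 dst=198.51.100.23 dport=443 sni=cdn-updates.example action=deny",
    "this line is malformed and is ignored",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"rule {f['rule']}: {f['host']} -> {f['dst']} at {f['ts']}")
    print(summarize(analyze(SAMPLE_LOGS)))
```

On the constructed sample, the workstation sign-in (first line) is ignored, the Storage Sync appliance's connection to `login.microsoftonline.com` produces a rule A finding, its vendor sync traffic is allowed, and the NAS's TLS connection to an unlisted destination produces a rule B finding. The value of the inventory-driven approach is that it does not depend on knowing the attacker's C2 domains in advance, which matters when, as the article notes, the C2 servers went quiet on port 443 once investigations became public.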
Volexity published a list of indicators of compromise (IOCs) linked to the investigated UNC5221 campaign and created a fingerprint to identify IPs and domains used by Brickstorm for C2. The researchers found multiple matching machines but observed that "between September 18 and September 23, all of the servers previously matching this pattern turned off their services on port 443." Google published a new report on Brickstorm around the same time, which Volexity notes may suggest the attacker was aware of ongoing investigations.
The case presents a compact playbook: exploit edge and sync appliances, persist via Brickstorm and variants, use proxying and stolen credentials to access cloud services, and fall back to secondary shells if needed. For defenders, the hard question left on the table is whether detection and remediation of single nodes — without addressing MSP exposures and cross-environment credential use — will prevent rapid re-entry by a capable actor.
Source: BleepingComputer — Chinese APT deploys new malware to keep access to hacked networks