BRICKSTORM mitigation guidance
Advisory/Mitigation
Summary
Hide ▲
Show ▼
CISA, NSA, and the Cyber Centre issued BRICKSTORM mitigation and detection guidance for critical infrastructure owners and operators, urging them to review IOCs, apply detection signatures, and harden exposed environments against PRC-linked activity.
Related Happenings
CISA zero-trust SASE guidance for TIC 3.0
Public Sector Action
H score30
First: 25.06.2026 14:30
Last: 25.06.2026 14:30
Sources 1
About this happening:
CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...
CISA zero-trust SASE guidance for TIC 3.0
Public Sector ActionAbout this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector Action
H score43
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
About this happening:
On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector ActionAbout this happening: On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector Action
H score24
First: 18.05.2026 18:41
Last: 18.05.2026 18:41
Sources 1
About this happening:
The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector ActionAbout this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
CISA releases CI Fortify guidance for critical infrastructure resilience
Public Sector Action
H score29
First: 05.05.2026 15:00
Last: 05.05.2026 15:00
Sources 1
About this happening:
CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...
CISA releases CI Fortify guidance for critical infrastructure resilience
Public Sector ActionAbout this happening: CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...
Latest development: 06.05.2026 16:15
CISA launched CI Fortify on Tuesday as a planning framework for critical infrastructure operators in water, energy, transportation and communications to prepare for cyber disruption by disconnecting OT systems from third-party and business networks, maintaining essential services in degraded communications conditions, and recovering compromised systems through backups, component replacement, or a transition to manual operations.
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
H score66
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Timeline
-
04.12.2025 14:00 2 articles · 7mo ago
CISA, NSA, and Cyber Centre release BRICKSTORM guidance
Initial DisclosureCISA, the National Security Agency, and the Canadian Centre for Cyber Security released a BRICKSTORM malware analysis report for VMware vSphere, VMware vCenter servers, and Windows environments used by People’s Republic of China state-sponsored actors, providing indicators of compromise, detection signatures, YARA and SIGMA rules, and mitigation steps for critical infrastructure defenders, especially Government and Information Technology organizations.
Show sources
- CISA, NSA and Cyber Centre Warn Critical Infrastructure of BRICKSTORM Malware Used by People’s Republic of China State-Sponsored Actors — www.cisa.gov — 04.12.2025 14:00
- CISA, NSA and Cyber Centre Warn Critical Infrastructure of BRICKSTORM Malware Used by People’s Republic of China State-Sponsored Actors — www.cisa.gov — 04.12.2025 14:00