UNC5221 Leverages BRICKSTORM Malware for Prolonged Access to U.S. Tech and Legal Industries

September 24, 2025 - 17:17

A sophisticated cyber threat actor known as UNC5221 has been utilizing the BRICKSTORM malware to establish and maintain a stealthy presence within the U.S. software-as-a-service (SaaS), legal, and technology sectors for an astonishing 393 days. This prolonged infiltration emphasizes the evolving tactics of cybercriminals who are increasingly targeting critical sectors to exploit sensitive data and disrupt operations.

BRICKSTORM operates by creating backdoor access, allowing UNC5221 to navigate through networks undetected. This malware has been linked to various malicious activities, including data exfiltration and the potential for further attacks on vulnerable systems. The stealthy nature of BRICKSTORM makes it particularly challenging for organizations to identify and mitigate the threat.

Security experts are urging companies in these sectors to bolster their cybersecurity measures, emphasizing the importance of monitoring for unusual network activity and implementing robust incident response protocols. The ongoing threat posed by UNC5221 highlights the necessity for vigilance against sophisticated cyber threats in an increasingly digital landscape.