Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal services, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and technology. The value of these targets extends beyond typical espionage missions, potentially providing data to feed the development of zero-days and establishing pivot points for broader access to downstream victims.

windows
brickstorm
vpxd
backup scan
linux
sentinel
silk typhoon
systemconfiguration
unc5221
zero-day
socks proxy
ssh
vcenter

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components has a maximum Common Vulnerability Scoring System (CVSS) score of 10.0 and affects React versions 19.x and Next.js versions 15.x and 16.x when using App Router.

china-nexus
earth lamia
jackpot panda
state sponsored
exploit
CVE-2025-1338
CVE-2025-55182
react2shell
react server
app router
next.js

Operation Dragon Breath (APT-Q-27): Dimensional Reduction Attack Against the Gambling Industry

A threat group known as Golden Eye Dog (APT-Q-27) has been targeting individuals involved in gambling and related activities in Southeast Asia, as well as overseas Chinese communities. The group's operations include remote control, cryptocurrency mining, DDoS attacks, and traffic-related activities. Their malware samples are primarily distributed through Telegram groups, with strong anti-detection capabilities and highly targeted lures. The article describes new watering hole activities by the group, including the use of modified MSI installers for popular messaging apps like Telegram. The group has evolved its tactics since previous reports, making their operations more covert and difficult to detect. The analysis reveals the group's use of various programming languages and sophisticated techniques, suggesting it may be part of a larger, more advanced organization called Miuuti Group.

telegram
miuuti group
ghost
gambling industry
msi installer
golden eye dog
southeast asia
watering hole
chinese communities