Chinese Hacker Group Deploys New Malware Tools to Maintain Network Access

The cybercriminal group UNC5221, linked to Chinese intelligence services, is actively refining its methods for infiltrating corporate networks. Recent attacks have shown that threat actors are deploying new malicious tools to bypass security mechanisms and maintain control over compromised systems.

Among the detected threats is the Brickstorm backdoor, which allows hackers to retain access to Microsoft 365 environments even after the initial attack is discovered. Additionally, experts have identified previously unknown malware such as Plenet and AgentPSD, which are used for data collection and lateral movement within networks.

A key feature of this campaign is the attackers' focus on long-term persistence within victim infrastructure. This enables them not only to steal sensitive information but also to create additional entry points for subsequent attacks. Cybersecurity experts recommend that companies enhance network activity monitoring and regularly update their security measures.