VerdantBamboo deployed a BSD variant of BRICKSTORM to appliances via MSP and Egnyte compromise

Colleagues — cybersecurity alert: Volexity reported VerdantBamboo deployed a BSD build of the BRICKSTORM backdoor to network appliances.
What happened:
- BRICKSTORM (BSD), PLENET (GRIMBOLT) and AGENTPSD were found on Egnyte Storage Sync, pfSense and Synology NAS devices; the Storage Sync abuse involved a local privilege escalation (LPE) flaw (patched in 13.13).
- The actors proxied traffic through the devices, used stolen credentials to access M365, and regained access by compromising an MSP and configuring a web SSL VPN.
- PLENET is a cross-platform backdoor; AGENTPSD is a Python reverse shell. Goal: EDR evasion and traffic masking.
Why it matters: MSP compromise and vulnerable appliances enable long‑term access.
How are you protecting MSPs and network appliances?
#cybersecurity #MSP #appliances #BRICKSTORM

