VMTech

VerdantBamboo deployed a BSD variant of BRICKSTORM to appliances via MSP and Egnyte compromise

Colleagues — cybersecurity alert: Volexity reported VerdantBamboo deployed a BSD build of the BRICKSTORM backdoor to network appliances.

What happened:
- BRICKSTORM (BSD), PLENET (GRIMBOLT) and AGENTPSD were found on Egnyte Storage Sync, pfSense and Synology NAS; the Storage Sync abuse involved a local privilege escalation (LPE), patched in 13.13.
- Actors proxied traffic through devices, used stolen credentials to access M365, and re-entered by compromising an MSP and configuring a web SSL VPN.
- PLENET — cross‑platform backdoor; AGENTPSD — Python reverse shell. Goal: EDR evasion and traffic masking.

Why it matters: MSP compromise and vulnerable appliances enable long‑term access.

How are you protecting MSPs and network appliances?
#cybersecurity #MSP #appliances #BRICKSTORM
