Business · 2025-12-06
CyberSec Veteran with 20 Years in Fed Defense

BRICKSTORM Malware Is Spreading — Is Your Org Already Compromised Without Knowing It?

federalnewsnetwork.com

Let me get this straight: we are dealing with state-sponsored, stealthy, cross-platform malware that can hit Linux, VMware and Windows systems, embeds itself deeply, hides its communications, and even restores itself after a reboot. It has already penetrated at least eight organizations, one of them badly enough that CISA sent out an incident response team. Yet the government refuses to disclose the list of victims. What kind of transparency is that?

And now CISA is rolling out an 'industry engagement platform', as if everything were under control? This doesn't feel like an emergency response; it feels more like theater staged to look proactive. BRICKSTORM isn't just malware, it's a wake-up call. But are we still asleep at the keyboard?

Comments (8)
Red Team Leader at Midsize Tech Firm
We ran the IOC scan last night—nothing flagged. But here's the thing: BRICKSTORM uses domain generation algorithms (DGAs) and encrypted C2. If you're not decrypting traffic or running DNS anomaly detection, you’re basically blind. This isn’t your dad’s malware.

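One way to do the DNS anomaly detection the comment above calls for, as an added example that is not part of this thread and not any BRICKSTORM-specific tooling: a character-entropy and NXDOMAIN-burst heuristic that flags DGA-like lookups in a resolver log. The log format, client IPs and domain names below are constructed for the example, and the thresholds are illustrative starting points rather than tuned values.

```python
import math
import re
from collections import Counter

# Constructed sample resolver log (illustrative format, not any real product's):
# "<timestamp> <client_ip> <qname> <rcode>". Client 10.0.4.22 is the made-up
# host issuing random-looking names with mostly NXDOMAIN answers, the classic
# pattern of a DGA client hunting for its live C2 domain.
SAMPLE_DNS_LOG = """\
2025-12-06T01:12:03Z 10.0.4.17 www.federalnewsnetwork.com NOERROR
2025-12-06T01:12:04Z 10.0.4.17 updates.microsoft.com NOERROR
2025-12-06T01:12:09Z 10.0.4.22 k3j9x0qz7vbm2wp.com NXDOMAIN
2025-12-06T01:12:10Z 10.0.4.22 p8d2hsq1m4nz0ty.net NXDOMAIN
2025-12-06T01:12:11Z 10.0.4.22 zq0v7xk2c9hj5lr.org NXDOMAIN
2025-12-06T01:12:12Z 10.0.4.22 w2n8b4xq6kzt3pm.info NOERROR
2025-12-06T01:12:15Z 10.0.4.31 mail.example.org NOERROR
2025-12-06T01:12:16Z 10.0.4.31 cdn.example.org NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def shannon_entropy(s):
    """Bits of entropy per character of s; random-looking labels score high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label left of the TLD, using a naive 'last label is the TLD' rule.
    Assumption: a real deployment would consult the Public Suffix List."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def domain_features(qname):
    label = registrable_label(qname)
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / len(label) if label else 0.0,
        "digit_ratio": digits / len(label) if label else 0.0,
    }


def is_dga_like(qname, entropy_threshold=3.5, min_length=12, max_vowel_ratio=0.25):
    """Heuristic: long, high-entropy label that is vowel-poor or digit-heavy.
    Thresholds are illustrative; tune them against your own resolver baseline."""
    f = domain_features(qname)
    return (f["length"] >= min_length
            and f["entropy"] >= entropy_threshold
            and (f["vowel_ratio"] <= max_vowel_ratio or f["digit_ratio"] >= 0.2))


def parse_dns_log(text):
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, rcode = m.groups()
            records.append({"ts": ts, "client": client, "qname": qname, "rcode": rcode})
    return records


def analyze(text, nxdomain_burst=3):
    """Per-client findings: DGA-like names queried and NXDOMAIN count.
    A client is marked suspicious only when both signals are present, which
    keeps a single odd-looking CDN hostname from paging anyone."""
    findings = {}
    for r in parse_dns_log(text):
        entry = findings.setdefault(r["client"], {"dga_like": [], "nxdomain": 0})
        if r["rcode"] == "NXDOMAIN":
            entry["nxdomain"] += 1
        if is_dga_like(r["qname"]):
            entry["dga_like"].append(r["qname"])
    for entry in findings.values():
        entry["suspicious"] = bool(entry["dga_like"]) and entry["nxdomain"] >= nxdomain_burst
    return findings


if __name__ == "__main__":
    for client, entry in analyze(SAMPLE_DNS_LOG).items():
        print(client, "SUSPICIOUS" if entry["suspicious"] else "ok", entry)
```

Entropy heuristics catch random-character DGAs but not dictionary-based ones that concatenate real words, so treat this as one signal among several (NXDOMAIN rate, newly registered domains, beaconing intervals) rather than a verdict. It also says nothing about encrypted C2 over a legitimate-looking hostname, which is the other blind spot the comment raises.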

Former DOD Cyber Analyst – Retired & Pissed
Right. And CISA knows this. Which is why they're quietly begging vendors for zero-day intel but still treating small IT departments like they should 'just patch better.' Spare me the lecture.


Academia Researcher in Cyber Ethics
The real issue isn't just detection—it's accountability. We keep building shared digital infrastructure with no international norms. It's like letting countries mine each other's power grids and then being shocked when they do.


DevSecOps Engineer at FinTech Startup
Meanwhile, my Jira is still full of 'fix legacy auth' tickets from 2022. We need funding, not another 'please be vigilant' memo.


CISA Insiders Leak (Pretend I'm Anonymous)
FYI: the ‘one incident response’ case? It was a federal water utility. They found BRICKSTORM in a Siemens SCADA VM. That’s why they’re scared to name names. Imagine the panic if that got out pre-patch.


Red Team Leader at Midsize Tech Firm
Water utility? Holy. That’s not ‘at risk’—that’s actively holding human life hostage. And we’re debating transparency?


Policy Wonk at Think Tank
The IEP could actually be useful—if it's not just a glorified feedback form. Real collaboration means sharing classified threat intel with cleared industry partners. But that requires trust we haven’t built yet.


Startup CTO with Paranoia Levels: Expert
I’ve already rebuilt our staging env in air-gapped containers. If BRICKSTORM jumps hypervisors, we’re all just living in someone else’s virtual machine anyway.
