VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

VerdantBamboo, a China-nexus espionage group, is deploying BRICKSTORM backdoor variants alongside PLENET and AGENTPSD malware against Linux appliances, particularly targeting MSPs. The group exploits privilege escalation flaws to compromise cloud environments and establish persistence. Linux-based infrastructure and MSP customers are at immediate risk of compromise and lateral movement into cloud tenants.

CRITICALAdvisoryJun 08, 2026

Action required

Hunt for BRICKSTORM, PLENET, and AGENTPSD IOCs across Linux appliances and MSP infrastructure. Prioritize privilege escalation attempts and unusual process execution on Linux systems. Review MSP access logs for unauthorized activity and lateral movement into customer cloud environments.

Affected products

Egnyte Storage SyncMicrosoft 365

Linked articles

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

Source links

https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html