Dedicated IP is now available on Surfshark’s extension

Posted in Commentary with tags on September 29, 2025 by itnerd

Surfshark has launched a dedicated IP feature for its browser extension, available on Google Chrome, Mozilla Firefox, and Microsoft Edge. This addition allows users to route only browser traffic through a dedicated IP.

According to Justas Pukys, Senior Product Manager at Surfshark, the company constantly looks for opportunities to improve the user experience and provide innovative solutions across the industry.

A dedicated IP is well known for reducing human verification requests (CAPTCHA). When multiple users share the same IP address, websites often send verification requests, such as “Select images with traffic lights.” Dedicated IP minimizes this issue by assigning a static address, making traffic appear more consistent to websites. Also, as only one user generates traffic through the IP, it may lead to more stable connections.

Additionally, dedicated IP simplifies access to remote networks by eliminating the unpredictability of changing addresses associated with shared VPN servers. This provides unrestricted service access, allowing users to access apps and websites that block shared IPs or don’t work when IP changes frequently.

Currently Surfshark offers 20 dedicated IP locations: Australia – Sydney; Brazil – Sao Paulo; Canada – Toronto; France – Paris; Germany – Frankfurt am Main; Hong Kong – Hong Kong; Italy – Milan; Japan – Tokyo; the Netherlands – Amsterdam; Poland – Warsaw; Singapore – Singapore; South Africa – Johannesburg; Turkey – Istanbul; United Kingdom – London; United States – Dallas, Denver, Las Vegas, Los Angeles, New York, and San Jose.

The dedicated IP feature is available on Android, Windows, iOS, and macOS and supports all major protocols, including WireGuard®, for maximum speed. Since it has now been included in the extension, all users can access it on Google Chrome, Mozilla Firefox, and Microsoft Edge browsers.

Keepit upsizes and refinances credit facilities to $60 million USD

Posted in Commentary with tags on September 29, 2025 by itnerd

Keepit, the world’s only vendor-neutral and truly immutable cloud dedicated to SaaS data protection, today announced a strategic financial update to upsize and refinance its credit facilities amounting to $60 million USD from the Export and Investment Fund of Denmark (EIFO) and HSBC Innovation Banking. This move is designed to leverage the recent $50 million USD funding round from December 2024.

Financing overview and strategic rationale

The refinancing plan consists of upsizing by $20 million USD and refinancing $40 million USD of existing HSBC Innovation Banking/EIFO facilities. The total facility will increase from $40 million pre-financing to $60 million post-financing with only a portion of the previous amount drawn today. The company aims to build upon the momentum from the funding round in December 2024, reflecting strong growth.

Company position and future outlook

Keepit is positioned strongly with cash reserves projected to remain robust for years ahead. The company has experienced significant growth since the previous year. Keepit is expanding its market focus towards larger clients, having demonstrated relevance and value to this segment. The additional funds raised will be directed toward future-proofing the organization, supporting ongoing product development, innovation, and efforts to deepen market penetration.

Keepit provides a next-level SaaS data protection platform purpose-built for the cloud. Securing data in a vendor-independent cloud safeguards essential business applications, boosts cyber resilience, and future-proofs data protection. Unique, separate, and immutable data storage with no sub-processors ensures compliance with local regulations and mitigates the impact of ransomware while guaranteeing continuous data access, business continuity, and fast and effective disaster recovery. Headquartered in Copenhagen with offices and data centers worldwide, more than 18,000 companies trust Keepit for its ease of use and effortless backup and recovery of cloud data.  

For more information visit www.keepit.com.

Maximor get $9m for AI that takes on finance grunt work while keeping it BAU

Posted in Commentary with tags on September 29, 2025 by itnerd

Finance leaders know they should be spending more time guiding business decisions, yet their teams spend most of their time shuffling data between systems and fixing spreadsheets. Maximor wants to change that. The company today announced a $9 million seed round to expand its finance automation platform — AI agents that plug into ERPs, payroll, billing, and bank systems to take on the repetitive accounting work and produce audit-ready outputs by default.

The round was led by Foundation Capital, with participation from Gaia Ventures (founded by SAP’s former Chief Strategy Officer) and Boldcap. Notable angels include Aravind Srinivas (CEO of Perplexity), Tien Tzuo (CEO of Zuora), and CFOs/finance leaders from Ramp, Gusto, Opendoor, MongoDB, and the Big Four.

Finance leaders today face a paradox: they’re expected to steer strategy while their teams are buried in reconciliations, close checklists, and fragmented systems. The talent pipeline of accountants is also at a breaking point—three-quarters of accountants are expected to retire by 2030, while fewer graduates enter the field. That leaves companies stretched thin, raising the odds of costly errors and slowing down audits.

Across its customer base, Maximor has delivered three strategic outcomes:

  • ~40% more team capacity, freeing finance staff to focus on strategy, not mechanics.
  • Cleaner audits and streamlined closes, reducing compliance and valuation risk.
  • Unified, cross-silo visibility across existing finance and operational systems, so finance leaders can make faster, better-informed decisions with AI’s reasoning capabilities.

Proptech business Rently, with global operations across three countries, cut its month-end close from 8 days to 4 within the first month of using Maximor, while avoiding two incremental accounting hires for repetitive work. Invst, a registered investment advisor with multi-billion-dollar AUM, was able to automate reconciliations, allocations, and reporting, unlocking advisor-level profitability insights that were previously impractical.

Maximor is not another point solution. It is a financial command center that connects both financial and operational systems—ERPs like NetSuite and Intacct, banks, payroll, CRMs, and SaaS data—into a single reconciled source of truth. 

On this unified data foundation, Maximor deploys specialized finance agents across revenue, cash, close, and reporting. Powered by its proprietary Audit-Ready Agent™ architecture, these agents generate workpapers, reviewer notes, and audit trails by default. The result: automation that is natively explainable, compliant, secure and enterprise-grade—tailored to the exacting needs of the CFO’s office.

Co-founders Ramnandan Krishnamurthy and Ajay Krishna Amudan saw the problem firsthand while leading Microsoft’s digital transformation group and working with global corporate finance teams: despite millions poured into ERPs and accounting tools, technical limitations forced critical workflows back into spreadsheets—creating endless manual work, slow closes, and costly errors.

Maximor’s design philosophy, “Design for Progress” reflects its commitment to helping finance leaders build financially progressive companies: outcome-assured automation adapted to each organization’s finance ops style, not a one-size-fits-all template.

Over the last two decades, financial software has over-promised and under-delivered, fragmenting workflows across point tools with no intelligence baked in. Unlike point tools that automate fragments, Maximor is the only platform built to automate finance processes end-to-end, “cradle to grave”, with enterprise-grade control. It uniquely combines a unified finance context layer with a specialized system of agents, powered by its Audit-Ready Agent™ architecture, delivering CFOs automation with evidence, not just speed.

Maximor is expanding in three directions:

  • Deeper automation across the breadth of repetitive accounting flows.
  • Vertical modules tailored for specific sectors with high urgency to adopt.
  • Strategic finance insights that move teams from reactive reporting to proactive scenario planning and decision support.

The vision: an always-on, audit-ready AI-powered finance team for every mid-market and enterprise company.

New Phishing Campaign Uses LLMs To Craft SVG Payloads To Pwn You

Posted in Commentary with tags on September 29, 2025 by itnerd

Microsoft has flagged a new phishing campaign that appears to leverage large language models (LLMs) to craft obfuscated SVG payloads, making them appear like legitimate business analytics dashboards. The attack chain uses compromised business email accounts, self-addressed emails, and SVG files containing business-related terminology and modular, over-engineered code that mimics legitimate content. This enables phishing lures to evade static analysis and detection tools. While the campaign was limited in scope and blocked, Microsoft warns that AI-assisted obfuscation and synthetic phishing techniques are growing trends, with attackers increasingly adopting LLMs to automate and enhance their tactics.

You can read more via this Microsoft blog post: https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/
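The campaign described above hides code inside SVG files that read like dashboards. Whatever business vocabulary an LLM wraps around it, an SVG parser still sees the same element and attribute names, which is what a static triage step can key on. The following is an added example, not Microsoft’s detection logic: a small check that flags `<script>` and `<foreignObject>` elements, `on*` event-handler attributes and `javascript:` links in an SVG. The two sample SVGs are constructed for the example; the “suspicious” one carries only harmless placeholder script so the check has something to find.

```python
"""Static triage of SVG attachments for active content (added example).

SVG is XML, so an attachment that renders as a chart can still carry
<script>, event-handler attributes or javascript: links. This check flags
those constructs regardless of how business-like the surrounding code reads.
"""
import xml.etree.ElementTree as ET  # production triage should prefer defusedxml

ACTIVE_ELEMENTS = {"script", "foreignObject"}
HREF_ATTRS = {"href", "{http://www.w3.org/1999/xlink}href"}


def _local(name: str) -> str:
    """Strip an XML namespace in Clark notation: '{ns}tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1]


def svg_active_content(svg_text: str) -> list:
    """Return one human-readable finding per active-content construct in the SVG.

    A document that is not well-formed XML is itself reported as a finding,
    since a renderer may still be lenient enough to execute it.
    """
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element present")
        for attr, value in elem.attrib.items():
            if _local(attr).lower().startswith("on"):
                findings.append(f"event handler {_local(attr)} on <{tag}>")
            elif attr in HREF_ATTRS and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {_local(attr)} on <{tag}>")
    return findings


def should_quarantine(svg_text: str) -> bool:
    """True when the SVG contains anything beyond static vector graphics."""
    return bool(svg_active_content(svg_text))


# Constructed samples (not taken from the campaign). The suspicious one uses
# business-sounding names but the script body is an inert placeholder.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 200">
  <text x="10" y="20">Q3 Revenue Dashboard</text>
  <rect x="10" y="40" width="120" height="80" fill="#4a90d9"/>
</svg>"""

SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 400 200">
  <text x="10" y="20">Q3 Revenue Dashboard</text>
  <rect x="10" y="40" width="120" height="80" fill="#4a90d9" onload="renderForecast()"/>
  <a xlink:href="javascript:renderForecast()"><text x="10" y="150">Open report</text></a>
  <script><![CDATA[
    var quarterlyRevenue = [12, 15, 18];
    function renderForecast() { return quarterlyRevenue.length; }
  ]]></script>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, "->", svg_active_content(doc) or "no active content")
```

Run it on a mail gateway’s SVG attachments and quarantine anything that returns findings; legitimate diagrams and charts exported from office tools contain none of these constructs.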

Anders Askasen, VP of Product Marketing, Radiant Logic had this comment:

“AI-driven phishing shows us that the frontline isn’t the payload, it’s the person behind the login. Attackers aren’t just tricking defensive filters anymore, they are using LLMs to mimic the texture of legitimate business data. That’s why identity observability is critical. If you can unify identity data into one source of truth, you can see when an account behaves out of character, when credentials are being replayed, or when entitlements don’t match expected patterns. The only way to counter AI-scaled deception is with unified identity intelligence that lets defenders observe, correlate, and act in real time.”

Andrew Obadiaru, CISO, Cobalt follows with this comment:

“Phishing has always been about social engineering, but AI is fundamentally changing the game by making attacks harder to detect both technically and psychologically. The use of LLMs to generate verbose, business-like code isn’t just obfuscation—it’s camouflage that blends seamlessly into enterprise workflows. Security teams can’t rely on static filters or signature-based defenses to catch this. The focus must shift to behavioral detection, red-teaming against AI-assisted tactics, and shortening remediation cycles before attackers can exploit the gap.”

This highlights the fact that we all need to work harder than ever to stay ahead of the bad guys, because they continue to evolve their tactics to succeed in making your life as miserable as possible.

Wallarm Leads Development of New A2AS Standard for Agentic AI Security

Posted in Commentary with tags on September 29, 2025 by itnerd

Wallarm today announced its role in the publication of “A2AS: Agentic AI Runtime Security and Self-Defense,” a groundbreaking research project led by Eugene Neelou (OWASP, Wallarm) together with researchers from AWS, Bytedance, Cisco, Elastic, Google, JPMorganChase, Meta, and Salesforce.

The A2AS framework introduces a new security layer for AI agents, LLM-powered applications, and AI protocols, similar to how HTTPS secures HTTP.

The A2AS framework is built on three breakthrough capabilities that fundamentally address agentic AI security risks such as prompt injection, tool misuse, and agent compromise:

  • Behavior Certificates: The industry’s first mechanism for declaring and enforcing AI agent actions and permissions. Like HTTPS certificates secured the web, behavior certificates can secure agentic AI interactions with users, tools, and other agents.
  • Model Self-Defense Reasoning:  Embeds security awareness directly into the AI model’s context window, guiding it to recognize and reject malicious or untrusted instructions in real time without any external components or guardrails.
  • Prompt-Level Security Controls: Provides authenticated prompts, security boundaries, and policy-as-code so that every request and interaction is verified, sandboxed, and aligned with enterprise security policies.

As enterprises rapidly deploy agentic AI into workflows across finance, healthcare, and infrastructure, the security risks scale from individual task failures to enterprise-wide compromise. Traditional guardrails and post-processing methods have proven to be too slow, too complex, and too costly. A2AS offers a practical, lightweight, and scalable approach that protects AI agents at runtime without adding latency or operational complexity.

Eugene Neelou, an industry pioneer and Head of AI Security at Wallarm, serves as the lead for the A2AS project. Neelou previously coined the term MLSecOps, co-founded the world’s first AI red teaming startup, and co-authored the OWASP Top 10 for LLM Security. He is joined by Ivan Novikov, Founder and CEO of Wallarm, who contributed his expertise in API and AI security.

The A2AS paper is the first in a series of publications aimed at establishing A2AS as the industry standard for AI runtime security. Researchers, engineers, and enterprises interested in design partnerships or early adoption are invited to read the paper, learn more, and get involved at https://a2as.org. Contact the project team to explore collaboration opportunities and shape the future of secure AI.

NEW FROM FORCEPOINT X-LABS: XWorm RAT Delivered via Shellcode

Posted in Commentary with tags on September 26, 2025 by itnerd

This morning, researchers from Forcepoint X-Labs released a new blog post detailing how attackers are using shellcode as an enabling technology for modern remote access trojan campaigns: an old technique with a new infection chain. The example in the post injects the XWorm RAT.

Campaign Highlights:

The campaign is delivered by phishing email, using a fake invoice as a lure. Sequence:

  • The email carries an Office file (.xlam) attachment which, when downloaded and opened, shows a blank or corrupted Office file.
  • The malicious document contains an embedded oleObject1.bin file, which hides embedded shellcode.
  • The shellcode, when executed, initiates a connection to retrieve and deploy a secondary payload.
  • The second payload, an executable, was found to be a .NET binary that is reflectively loaded into memory.
  • The second-stage .DLL file loaded from memory uses heavily obfuscated packing and encryption techniques.
  • The final step performs process injection into its own main executable file, maintaining persistence and exfiltrating data to its command-and-control servers.
  • The C2 servers receiving the exfiltrated data were found to be related to the XWorm family.

Authored by Prashant Kumar, senior researcher at Forcepoint, the full post, with a detailed, illustrated example, can be found at: https://www.forcepoint.com/blog/x-labs/xworm-rat-shellcode-multi-stage-analysis
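The first two steps of the chain above, an .xlam that looks empty but carries an oleObject1.bin hiding shellcode, are visible to a defender before anything executes, because an .xlam is a ZIP container and embedded objects sit at fixed paths inside it. The following is an added example, not Forcepoint’s tooling: it lists every embedded OLE object in an Office Open XML file and measures its Shannon entropy, since encrypted or packed blobs of the kind described in the post sit near 8 bits per byte. The sample files are built in memory and the 7.0-bit threshold is an assumption for the example.

```python
"""Triage an Office Open XML add-in (.xlam) for embedded OLE objects.

Added example, not Forcepoint's code. The container is a ZIP; embedded
objects live under xl/embeddings/ (word/ and ppt/ for the other formats)
as oleObjectN.bin. Each one is reported with its size and Shannon entropy
so an analyst can spot packed or encrypted content such as hidden shellcode.
"""
import io
import math
import random
import re
import zipfile
from collections import Counter

OLE_OBJECT_RE = re.compile(r"^(?:xl|word|ppt)/embeddings/oleObject\d+\.bin$")
HIGH_ENTROPY = 7.0  # bits per byte; threshold is an assumption for this example


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def triage_office_file(blob: bytes) -> list:
    """Return one finding per embedded OLE object inside an OOXML container.

    A non-ZIP input (for example a legacy .xls or a corrupted download) is
    reported as a single finding rather than raising.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return [{"name": None, "error": "not a ZIP/OOXML container"}]

    findings = []
    with zf:
        for name in zf.namelist():
            if not OLE_OBJECT_RE.match(name):
                continue
            data = zf.read(name)
            ent = shannon_entropy(data)
            findings.append({
                "name": name,
                "size": len(data),
                "entropy": round(ent, 2),
                "high_entropy": ent >= HIGH_ENTROPY,
            })
    return findings


def build_sample_xlam(with_ole_object: bool) -> bytes:
    """Build a minimal, constructed .xlam-like ZIP for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_ole_object:
            # Deterministic pseudo-random bytes stand in for an encrypted blob.
            payload = random.Random(1234).randbytes(4096)
            zf.writestr("xl/embeddings/oleObject1.bin", payload)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("benign", build_sample_xlam(False)),
                          ("embedded OLE", build_sample_xlam(True))):
        print(label, "->", triage_office_file(sample) or "no embedded objects")
```

Pointing `triage_office_file` at a real attachment is a matter of `open(path, "rb").read()`; an add-in that arrives by email and contains any embedded OLE object, let alone a high-entropy one, is worth detonating in a sandbox rather than opening.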

Darktrace Unveils Automated Forensics Capabilities in its ActiveAI Security Platform™ to Advance Hybrid and Multi-Cloud Security 

Posted in Commentary with tags on September 26, 2025 by itnerd

Darktrace today announced the launch of Darktrace / Forensic Acquisition & Investigation™, the industry’s first truly automated cloud forensics solution. The solution provides security teams immediate access to forensic-level data, equipping them with critical context to investigate threats quickly and thoroughly across hybrid, multi-cloud and on-premises environments. When paired with the newly enhanced Darktrace / CLOUD™, organizations gain a complete cloud security solution that combines posture management with real-time detection, response and forensic investigation – potentially reducing investigation times from days to mere minutes.

Cloud adoption has outpaced security operations, creating blind spots that adversaries are quick to exploit. Nearly 90% of organizations report suffering damage before they can contain cloud incidents, and 65% say investigations take three to five days longer in the cloud compared to on-premises environments, according to a survey of 300 cloud security decision makers. Traditional log-based alerts miss behaviors such as lateral movement or privilege escalation, while evidence from ephemeral assets like containers and serverless functions often disappears before it can be collected — leaving security teams struggling to respond effectively. 

At the same time, attacks against cloud workloads are increasingly aggressive. New analysis of Darktrace’s Cloudypot honeypots reveals that attacks on tools like Jupyter Notebooks often arrive in sudden bursts, generating high volumes of attacks in a short period of time from a small group of persistent attackers. These findings highlight that when adversaries target the cloud, they strike quickly and at scale, leaving defenders little time to investigate before critical evidence disappears. 

Introducing Darktrace / Forensic Acquisition & Investigation 

Darktrace / Forensic Acquisition & Investigation is an automated forensic investigation solution designed for the speed and complexity of modern cloud environments. It captures and analyzes host-level evidence — including disk, memory, and logs — at the exact moment a threat is detected, even from short-lived assets such as containers or serverless workloads. These investigations can be triggered by Darktrace or by detections from existing cloud security tools.  

Unlike point solutions that depend on manual snapshots or agents, Darktrace collects evidence directly through cloud APIs, ensuring investigations begin instantly, and critical data from ephemeral workloads is never lost. By preserving volatile data and reconstructing attacker behavior in real time, the solution adds critical context to everyday investigations, enabling security teams to understand root causes quickly and shorten investigation times from days to mere minutes — a critical advantage as over 40% of organizations report suffering significant damage from cloud alerts that were never investigated at all.  

This solution represents the evolution of capabilities gained through Darktrace’s acquisition of Cado Security earlier this year, alongside continued research and development investment to expand and advance Darktrace’s cloud security portfolio. 

Key capabilities of the Darktrace / Forensic Acquisition & Investigation solution include: 

  • Automated hybrid forensic capture: Collects host-level data, including disks, memory, logs, and artifacts the moment an alert is raised across on-premises, AWS, Azure, GCP and SaaS environments.  
  • Ephemeral data capture: Preserves evidence from short-lived workloads including AWS ECS, Kubernetes, and distro-less or no-shell containers, retaining critical data so that it can be investigated. 
  • Automated investigation with complete timelines: Automatically reconstructs attacker behavior into unified timelines, distilling massive volumes of events into the most significant insights providing rapid clarity and root cause in minutes without manual correlation. 
  • Scalable response and reporting: Supports parallel investigations across multiple systems and automatically generates exportable reports to help reduce analyst workload and assist with compliance burdens. 
  • Rapid deployment and seamless integration: Offers flexible SaaS or on-premises deployment, and integrates with existing SIEM, XDR, CNAPP, EDR, NDR, and cloud-native tools so that any alert can trigger immediate forensic capture and investigation. 

Darktrace / Forensic Acquisition & Investigation can be deployed as a standalone product, giving new customers immediate access to automated cloud forensics to support SOC and incident response teams in their day-to-day management of cloud security threats, or integrated across the Darktrace ActiveAI Security Platform for end-to-end investigations and response across an organization’s entire digital estate. It is particularly powerful when paired with Darktrace / CLOUD, where the two solutions bring real-time cloud detection and response and forensic-level investigation together in a single workflow. 

Unifying Cloud Detection, Response, and Forensic Investigation with Darktrace / CLOUD 

Customers can now add Darktrace / Forensic Acquisition & Investigation capabilities to Darktrace’s leading cloud detection and response (CDR) product. With Darktrace / CLOUD, security teams benefit from:  

  • Autonomous detection and response: Self-Learning AI continuously monitors cloud environments to spot both known and novel threats and automatically contain them at machine speed. 
  • Dynamic cloud visibility: Live mapping of assets, services, and architectures to reveal blind spots, track attacker movement, and provide real-time context. 
  • Proactive risk management: Automated posture checks and attack path modeling that surface misconfigurations and exposures before attackers can exploit them. 

When adding Darktrace / Forensic Acquisition & Investigation to Darktrace / CLOUD, the solutions work together seamlessly to detect threats as they emerge and preserve the forensic evidence needed to investigate them. As Darktrace / CLOUD detects and blocks suspicious cloud activity, Darktrace / Forensic Acquisition & Investigation will capture disk, memory, and log data from the affected asset, allowing teams to immediately contain threats while preserving the critical evidence needed to investigate and remediate the incident.  

Alongside this integration, Darktrace has strengthened its core cloud capabilities to make investigations even faster and more intuitive. Enhancements include more intuitive cloud architecture diagrams that make complex environments easier to interpret, along with expanded detection of advanced attacker techniques such as lateral movement, command-and-control, and privilege escalation. 

When uniting threat detection, response, and automated forensics in one platform, security teams can shift cloud investigations from reactive and fragmented to fast, automated, and context-rich — enabling organizations to harness the benefits of the cloud while effectively mitigating risks. 

Availability  

Darktrace / Forensic Acquisition & Investigation, the integrations across the Darktrace ActiveAI Security Platform and new features in Darktrace / CLOUD are available now.  

Guest Post: Why Voice AI Could Be the Career Move That Puts You on the Executive Shortlist

Posted in Commentary with tags on September 26, 2025 by itnerd

By Praveen Rangnath, CMO, Deepgram

If you’re in IT leadership, you’ve seen tech trends come and go. Some flare up in the headlines, get hyped at conferences, and then quietly fade away. Others — the rare ones — change the way entire industries operate.

Voice AI is one of the rare ones.

The problem is, a lot of people think they already understand it. They’ll nod along and say, “Oh yeah, like Siri or Alexa, right?” And if you leave it at that, you’ll miss the fact that Voice AI in the enterprise has almost nothing to do with consumer gadgets.

What we’re talking about is the ability to capture, understand, and act on every conversation your business has — with customers, employees, suppliers, regulators — in real time. It’s a shift from voice being something that “just happens” to voice becoming one of your most valuable data assets.

And here’s the kicker: if you’re the IT leader who drives that transformation, it won’t just make your company more competitive — it’ll make you more promotable.

Why This Is Bigger Than a Tech Upgrade

Think about all the conversations that happen in your organization in a single day:

  • A frustrated customer explaining a problem to support.
  • A nurse speaking with a patient about symptoms.
  • A technician describing a fault to a field supervisor.
  • A sales rep negotiating terms with a client.
  • Two department heads debating how to allocate budget.

Historically, those conversations disappear the second they end. Maybe you get a line or two typed into a CRM. Maybe a call recording sits on a server somewhere, unlistened to. But you’re losing context, insights, and opportunities every single time.

Voice AI changes the game. It can:

  • Transcribe those conversations in real time — accurately, even with accents, jargon, or background noise.
  • Understand the meaning, not just the words.
  • Detect urgency, emotion, and intent.
  • Feed that intelligence into your existing systems so it’s searchable, reportable, and actionable.

This isn’t about making calls “sound nicer.” It’s about turning the most human part of business — conversation — into something you can measure, learn from, and improve at scale.

Why IT Management Should Own This

If you’re thinking, “This sounds like a customer service project,” you’re not wrong — but you’re not right, either.

Customer service, sales, compliance, operations — they all want the benefits. But none of them can roll this out enterprise-wide without IT leadership guiding the architecture, governance, and integrations.

That means you have a rare opportunity:

  • Lead a high-impact initiative that crosses silos.
  • Control the data governance and compliance from day one (critical if you’re in finance, healthcare, or government).
  • Choose technology that scales, so this doesn’t become another point-solution mess.

When IT drives Voice AI adoption, it’s not just “supporting the business.” It’s reshaping how the business works. That’s the kind of strategic leadership that the C-suite and boards notice.

The Career Capital Play

Here’s the part some IT leaders miss: delivering a Voice AI initiative isn’t just good for the company — it’s good for your career.

  1. You’ll be seen as an innovator — not just the person who keeps the lights on. You’ll have a real-world example of bringing in a new capability that directly ties to revenue, customer satisfaction, and operational efficiency.
  2. You’ll get visibility with the C-suite — because every major function will be affected, and you’ll be the one making sure it all works.
  3. You’ll have hard metrics to show — cost savings, reduced call times, faster onboarding, higher CSAT, better compliance records. These are the kind of results that get repeated in performance reviews.
  4. You’ll build executive allies across departments — sales, marketing, operations, and compliance will all have wins they can point to because of your project. That makes you easier to promote.

If You Think You Already Understand It — This Could Be the Gap

A lot of tech leaders think Voice AI means “speech-to-text” plus maybe a chatbot. That’s like saying the internet is just “email plus websites.”

The real power is when Voice AI is:

  • Real-time — not hours later.
  • Context-aware — understanding your specific business language and workflows.
  • Integrated — feeding into CRM, ERP, analytics, and compliance systems automatically.
  • Scalable — able to handle every department, every language, every channel without breaking.

That’s when it stops being a tool and becomes infrastructure, and infrastructure projects with measurable business wins are the ones that get you invited to the big table.

Your Next Moves

If you want this to be a career-making initiative, here’s where you can start:

  1. Map Your Conversation Ecosystem — Where in your organization do high-value voice interactions happen daily?
  2. Identify High-Impact Use Cases — Pick two or three where you can prove ROI quickly (e.g., customer support, compliance-heavy calls, field service updates).
  3. Get Cross-Functional Buy-In Early — Loop in operations, CX, compliance, and sales from day one.
  4. Test for Accuracy First — Before you get dazzled by AI features, nail transcription quality. Everything else depends on it.
  5. Plan for Scale — Choose solutions that can grow beyond your pilot without creating security or integration headaches.

Bottom line: Voice AI is more than a technology trend — it’s a platform for delivering visible, measurable business wins. If you own it, you don’t just modernize the company. You modernize your own career path.

The leaders who make this move now won’t just be part of the conversation. They’ll be running it.

Tech failures are slowing down nearly half of Canada’s frontline workforce, new survey shows

Posted in Commentary with tags on September 26, 2025 by itnerd

A new national survey conducted by Samsung Canada and Leger, which surveyed 510 Canadian workers across construction, healthcare, energy, mining, retail, and public safety, found that:

  • Roughly 2 in 5 (44%) workers face delays in completing tasks when devices break. This is even higher among healthcare and public safety workers.
  • 34% report communication breakdowns due to device issues.

From missed reports to disrupted deliveries, these moments of downtime are quietly dragging productivity across sectors. Only 1 in 3 workers are still using consumer-grade smartphones and tablets; devices not designed for harsh job site conditions or long shifts. 

That’s prompting a shift in what business decision makers are looking for when it comes to company tech. Designed for frontline conditions, Samsung’s Galaxy Tab Active5 Pro and Galaxy XCover7 Pro offer more resilient solutions built for durability in rugged workforces. These devices feature excellent weather durability, swappable batteries for all-day power, and glove-friendly touchscreens, a clear fit for jobs where reliability can’t be optional.  

Here are a couple of links that dive deeper into some of the statistics I mentioned above:

Samsung survey reveals deep need for rugged tech in construction industry: https://news.samsung.com/ca/samsung-survey-reveals-deep-need-for-rugged-tech-in-construction-industry

How rugged devices power real-time decision making in remote oilfields: https://news.samsung.com/ca/how-rugged-devices-power-real-time-decision-making-in-remote-oilfields

Stealthy BRICKSTORM Backdoor Enables Espionage into Tech and Legal Sector

Posted in Commentary with tags on September 25, 2025 by itnerd

Researchers have tracked a stealthy “next-level” Chinese hacking campaign dubbed “BRICKSTORM” that targets legal services and technology companies and maintains persistent access to them, stealing intellectual property, mining intelligence on national security and trade, and developing other cyberattacks for the future.

More details are available here: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign

Ensar Seker, CISO at SOCRadar, commented:

“This Brickstorm campaign marks a striking evolution in adversary tradecraft. What makes it “next level” is not simply the long dwell times or precision targeting, though both are alarming, but rather the strategic layering of access, reconnaissance, and supply-chain influence. By infiltrating tech security and legal services firms, the attackers don’t just get to access those environments, they gain pathways into their clients and partners, giving them a multiplier effect on reach. Some of those downstream systems may not even realize they’ve been compromised yet.

“The motivation here is long-term, not opportunistic. Brickstorm’s operators are methodically exfiltrating intellectual property and internal designs, which gives them a unique insight into how to bypass defenses and identify zero-day opportunities. In effect, they’re embedding themselves into the ecosystem, harvesting the same tools and knowledge base they hope to exploit later. That kind of foresight suggests a campaign designed not just for espionage, but for building capabilities that can support multiple future attacks.

“From a defensive posture, this raises the bar. Security firms, the very guardians of trust, must now treat themselves as high-priority targets in their own right. That means rethinking how we design isolation, telemetry, and insider-monitoring within security operations. It means segmenting access zones not just for customers, but even among internal service components. It demands relentless threat hunting, especially in trust relationships and client integrations. In practical terms, organizations should assume that any vendor they trust may be compromised, not eventually, but right now. That means requiring stricter attestation, enforcing zero-trust architectures around vendor connections, validating every cross-tenant data flow, and adopting reciprocal visibility with those vendors. The fact that Brickstorm is already leveraging downstream infiltration highlights just how fragile the boundary between ‘client’ and ‘supplier’ has become.

“In a nutshell, Brickstorm is a wake-up call: adversaries are no longer treating high-value firms as endpoints to exploit, but as nodes in a broader intelligence and access network. Defending against that requires that we think in ecosystems and assume compromise, not just for ourselves, but for every connected party.”

I am actually quite disturbed by this as this sounds like the Cold War all over again. This highlights the fact that the bad guys come in all shapes and sizes as well as agendas.

UPDATE: Cybercrime expert and VP of Cyber Risk for HITRUST, Tom Kellermann had this to say:

“Since the Titan Rain campaign, China has pursued an insurgency strategy in American cyberspace, maintaining persistent access through sophisticated backdoors, like BRICKSTORM that serve as the cornerstone of their economic espionage operations. These initial compromises enable secondary infections and lateral movement across networks, creating a cascading security threat that must be systematically eradicated to protect both national and economic security.”