Come find us at Booth 7 to talk threat hunting and triage workflows with our team, including @stevenadair.bsky.social & @attrc.bsky.social
VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN.
[3/4]
This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances.
[2/4]
Memory forensics is a required technique to detect and respond to modern malware. Come see Volcano in action at FIRST next week to learn how memory forensics can be applied at true enterprise scale.
For more details on how the incident unfolded, the malware used by the threat actor, and the end goal of the intrusion, check out the full blog post: www.volexity.com/blog/2026/06...
[4/4]
Heading to Denver for #FIRSTCON26 next week? Stop by the @volexity.com booth to see a demo of Volcano! We’ll show you how memory analysis with Volcano uncovers advanced threat actors and helps rapidly resolve your investigations.
#DFIR #FIRSTCON
@volexity.com has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo.
[1/4]
Our new blog post details our investigation into how a compromised MSP led to at least one of its customers being compromised, including deployment of the BRICKSTORM malware on multiple edge devices.
BRICKSTORM: Volexity’s analysis revealed that a Chinese threat actor, which Volexity tracks as VerdantBamboo (WARP PANDA, UNC5221), had compromised the Storage Sync system.
www.volexity.com/blog/2026/06...
@volexity.com
Volexity
In September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The...