Our new blog post details our investigation into how a compromised MSP led to at least one of its customers being compromised, including deployment of the BRICKSTORM malware on multiple edge devices.
Heading to Denver for #FIRSTCON26 next week? Stop by the @volexity.com booth to see a demo of Volcano! We’ll show you how memory analysis with Volcano uncovers advanced threat actors and helps rapidly resolve your investigations.
#DFIR #FIRSTCON
BRICKSTORM: Volexity’s analysis revealed that a Chinese threat actor, which Volexity tracks as VerdantBamboo (WARP PANDA, UNC5221), had compromised the Storage Sync system.
www.volexity.com/blog/2026/06...
@volexity.com
This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances.
[2/4]
Memory forensics is a required technique to detect and respond to modern malware. Come see Volcano in action at FIRST next week to learn how memory forensics can be applied at true enterprise scale.
VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN.
[3/4]