At least one undisclosed government and/or tech company
November 4, 2024
•[ state-sponsored, malware, backdoor ]
Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
Windows93 / Myspace93
January 1, 2021
•[ data leak, plaintext passwords, credential theft ]
In January 2021, trusted members of the Windows93 Discord community allegedly abused access to a Myspace93 beta application to exploit and download server files, including an unencrypted credential store. The compromised data was later leaked in June 2021 and contained 46,105 Myspace93 accounts with usernames, plaintext passwords, email addresses, and IP addresses.
