Chinese APT UNC5221 Evades Detection for 18 Months with New Malware Arsenal
A sophisticated Chinese espionage group, **UNC5221** (also known as **VerdantBamboo**), has been found to maintain persistent access to **Microsoft 365** environments and **Managed Services Providers (MSPs)** for over 18 months. Leveraging advanced backdoors like **Brickstorm**, **Plenet**, and **AgentPSD**, the group demonstrated remarkable stealth and resilience, even re-compromising a victim after initial remediation efforts.

A Chinese espionage group, tracked as **UNC5221**, has been observed accessing **Microsoft 365** environments using the **Brickstorm** backdoor and previously undocumented malware named **Plenet** and **AgentPSD**.
An investigation into the incident revealed that the threat actor had gained access to the victim network at least 18 months before detection, with the breaches discovered around March 2025. The group also compromised the victim organization's **Managed Services Provider (MSP)**.
**UNC5221** is also known as **VerdantBamboo** and has been involved in attacks exploiting zero-day vulnerabilities in edge devices since at least 2023.
The **Brickstorm** backdoor was used undetected in various U.S. targets for over a year. Researchers describe **Brickstorm** as an "advanced malware implant," with initial variants written in **Golang** and newer ones emerging in **Rust**.
**Google** first documented **UNC5221** activity using **Brickstorm** in April 2024, and [again in September 2025](https://www.bleepingcomputer.com/news/security/google-brickstorm-malware-used-to-steal-us-orgs-data-for-over-a-year/), detailing attacks against legal services, software-as-a-service providers, business process outsourcers, and technology companies. **CISA** also warned about **Brickstorm** being deployed by Chinese hackers [against VMware vSphere servers](https://www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/). More recently, **Google** reported its deployment by **UNC6201** [against Dell RecoverPoint for Virtual Machines](https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/).
### Deep-Seated Compromise and Double Intrusion
**Volexity** researchers, responding to an incident last year, found that **VerdantBamboo** compromised an **Egnyte Storage Sync** system and accessed it periodically through the victim's web SSL VPN. From this foothold, using **Brickstorm**'s proxying features and stolen credentials, the threat actor accessed the organization's **Microsoft 365** environment.
"**Volexity** assesses with high confidence that this was done to blend in with legitimate network traffic and evade [Conditional Access policies](https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview) that would have otherwise prevented access," the [researchers said](https://www.volexity.com/blog/2026/06/04/verdantbamboo-just-another-brickstorm-in-the-firewall/).
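As an added example (not Volexity's or the article's code), a defender-side check for the evasion described above: it scans Entra ID sign-in records for sessions that a location-based Conditional Access exclusion let through from the VPN egress range with single-factor authentication and no managed device, which is what a backdoor proxying through the victim's VPN would look like in the log. The VPN range, the sign-in records and the field names (taken from the Microsoft Graph signIn schema) are constructed for illustration.

```python
import ipaddress

# Constructed sample: the victim's SSL VPN egress range, assumed to be configured
# as a "trusted named location" in Conditional Access (hypothetical addresses).
TRUSTED_VPN_RANGES = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed Entra ID sign-in records using field names from the Microsoft Graph
# signIn resource (ipAddress, conditionalAccessStatus, authenticationRequirement,
# deviceDetail.isCompliant / isManaged). All values are made up.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.test", "ipAddress": "203.0.113.5",
     "appDisplayName": "Office 365 Exchange Online",
     "conditionalAccessStatus": "notApplied",
     "authenticationRequirement": "singleFactorAuthentication",
     "deviceDetail": {"isCompliant": False, "isManaged": False}},
    {"userPrincipalName": "bob@example.test", "ipAddress": "203.0.113.7",
     "appDisplayName": "Office 365 Exchange Online",
     "conditionalAccessStatus": "success",
     "authenticationRequirement": "multiFactorAuthentication",
     "deviceDetail": {"isCompliant": True, "isManaged": True}},
    {"userPrincipalName": "carol@example.test", "ipAddress": "198.51.100.9",
     "appDisplayName": "Office 365 SharePoint Online",
     "conditionalAccessStatus": "failure",
     "authenticationRequirement": "singleFactorAuthentication",
     "deviceDetail": {"isCompliant": False, "isManaged": False}},
]


def from_trusted_vpn(ip: str) -> bool:
    """True when the source address falls inside the trusted VPN egress range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_VPN_RANGES)


def suspicious_trusted_location_signins(signins):
    """Return UPNs of sign-ins that were admitted only because of the trusted
    location: source in the VPN range, no Conditional Access policy enforced,
    single-factor auth, and a device that is neither compliant nor managed."""
    hits = []
    for s in signins:
        dev = s.get("deviceDetail", {})
        if (from_trusted_vpn(s["ipAddress"])
                and s.get("conditionalAccessStatus") == "notApplied"
                and s.get("authenticationRequirement") == "singleFactorAuthentication"
                and not dev.get("isCompliant") and not dev.get("isManaged")):
            hits.append(s["userPrincipalName"])
    return hits


if __name__ == "__main__":
    print(suspicious_trusted_location_signins(SAMPLE_SIGNINS))  # ['alice@example.test']
```

Feeding real exports from the Graph sign-in log into the same function flags accounts whose access depended on nothing but the source address, which is the condition to review when a trusted-location exclusion covers the VPN.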
Later, **Volexity** discovered that the hackers had spent at least 18 months on the network before being detected. Furthermore, **VerdantBamboo** breached the organization again after the researchers completed remediation efforts.
In the second intrusion, the attackers used stolen credentials to enable and configure SSL VPN access on the victim's firewall, then connected to internal systems and deployed additional custom malware to a **Synology NAS** device. This triggered an investigation at the customer's **MSP**, where **Volexity** found that **VerdantBamboo** had planted a **BSD** variant of **Brickstorm** on a **pfSense firewall**.
**Volexity** concluded that this firewall, like the victim organization's **Storage Sync** system, had also been compromised at least 18 months earlier. Researchers have medium confidence that the attacker pivoted from the **MSP** into the victim organization's environment. **Brickstorm** was subsequently deployed to the victim's **Egnyte Storage Sync** appliance and to a retired **Linux GroupWise** email archive server.
### Unveiling New Malware: Plenet and AgentPSD
Upon re-establishing access to the victim's infrastructure a few days later, the attackers deployed the custom malware **Plenet** to a **Synology NAS** appliance.
**Plenet**, also tracked as "**Grimbolt**" by **Google**, is a cross-platform **.NET**-based backdoor offering interactive shell access, remote command execution, file manipulation, and command-and-control (C2) server switching. The researchers note that **Plenet** is similar in design to **Brickstorm**, utilizing the **WebSocket** protocol for C2 communications and a multiplexing library for simultaneous data streams to the server.
**AgentPSD** is a simple Python-based reverse shell utility that **Volexity** believes **VerdantBamboo** used as a fallback persistence mechanism in case other malware became inaccessible. Although **AgentPSD** was configured to connect to a different domain than **Brickstorm**, it was never used, as **Brickstorm** remained operational, which supports the assessment that **AgentPSD** was a secondary access mechanism.
During the investigation, **Volexity** attempted to map **VerdantBamboo**'s infrastructure, creating a fingerprint to identify **Brickstorm** C2 IP addresses and domains. Although multiple machines were identified, the threat actor took the infrastructure offline between September 18 and September 23, before researchers could identify further systems. This timing, coinciding with **Google**'s new report on **Brickstorm** activity, suggests the attacker may have been aware of the ongoing investigation.
**Volexity** describes **VerdantBamboo**/**UNC5221** as "a highly sophisticated threat actor" that combines living-off-the-land techniques with custom malware, specifically targeting systems that do not support **Endpoint Detection and Response (EDR)** solutions.
The researchers have compiled a list of indicators of compromise (IOCs) linked to the investigated **UNC5221** campaign, which are publicly available [here](https://github.com/volexity/threat-intel/tree/main/2026/2026-06-04%20VerdantBamboo).