Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 6 December 2025 19:25
A spokesperson for the Chinese Embassy in Canada responded to a reporter’s question about the outcry in Canada over so-called “Chinese cyber attacks.”
A reporter asked : Recently, the Canadian Cyber Security Centre, along with the U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency, jointly released an analysis report stating that Chinese government-backed cyber threat actors used the Brickstorm malware to infiltrate the systems of government agencies, facilities, and IT organizations.
What is China’s comment?
As we all know, the United States is the true “hacker empire,” the master of cyber attacks and the greatest threat to global cybersecurity. The so-called analysis report ignores the United States’ rampant cyber attacks, while making baseless accusations against China. This is a classic case of the pot telling the cauldron it’s black, and it’s malicious. China firmly opposes it.
China is a major victim of cyber attacks and has consistently and resolutely opposed and fought all forms of cyber attacks in accordance with the law, remaining firmly committed to safeguarding cyber security.
China urges Canada to immediately stop following the US lead, to stop politicizing and stigmatizing cybersecurity issues, and to stop instrumentalizing cybersecurity issues to smear China.”
Cybersecurity agencies — CISA, NSA, and the Canadian Cyber Security Centre — have warned that the Brickstorm malware has been used to infiltrate and establish itself within the networks of “critical organizations” for years.
Brickstorm—which can run on Linux, VMware, and Windows systems—allows attackers to obtain credentials, control machines, move laterally across networks, and establish communication and data transfer tunnels, leaving victims vulnerable to data theft, exfiltration, or potential sabotage. In one reported case, attackers gained access to a VMware vCenter server in April 2024 and maintained control until at least September 2025.
Redazione