US, Canada cybersecurity agencies say China-linked hackers stole login data and other sensitive information

US and Canadian cybersecurity agencies have issued a joint advisory, warning that hackers linked to China used malware attacks to penetrate and maintain long-term access to unnamed government and information technology entities. According to a report by news agency Reuters, the advisory has been signed by the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Canadian Centre for Cyber Security.

According to Madhu Gottumukkala, the acting director of CISA, the Chinese-linked operations are “infiltrating sensitive networks and embedding themselves to enable long-term access, disruption, and potential sabotage.”

'Brickstorm' malware used for long-term access to government and IT infrastructure

The agencies identified the malware used by the state-backed hackers as “Brickstorm.” They claim that this malware was deployed to target multiple government services and information technology entities. Once inside victim networks, the hackers stole login credentials and other sensitive information, essentially giving them the potential to take full control of targeted computers.

The threat involves maintaining persistent access. The advisory cited one instance where the attackers used Brickstorm to penetrate a company in April 2024 and maintained access through at least September 3, 2025.

The analysis is based on eight Brickstorm samples obtained from targeted organisations. CISA executive assistant director for Cybersecurity Nick Andersen, however, declined to share specific details on the total number of government organisations targeted or the full extent of the hackers' actions once inside the networks, the report noted.

‘Broadcom’s VMware a target of China-backed hackers’

The hackers are reportedly deploying the malware against VMware vSphere, a product sold by Broadcom’s VMware used to create and manage virtual machines within networks. A Broadcom spokesperson encouraged all customers to apply up-to-date software patches and adhere to strong operational security in response to the reports.

What China has to say on hacking reports

The Chinese embassy in Washington quickly rejected the allegations. Liu Pengyu, a spokesperson, stated that the Chinese government does not “encourage, support or connive at cyber attacks.” Liu added that they “reject the relevant parties' irresponsible assertion” about the activities, noting that the agencies had “neither put forward any request related to the issue nor presented any factual evidence.”