In the following alert, Forvis Mazars provides insights into newly discovered vulnerabilities concerning network edge devices involving BRICKSTORM and RedNovember and what your organization can do to help manage risk.
BRICKSTORM
BRICKSTORM is an espionage campaign designed to compromise edge appliances and maintain long-term persistence.[1] These devices, such as smart sensors, Internet of Things (IoT) devices, local servers, or gateways, are often overlooked in traditional monitoring and remediation strategies, making them attractive targets for threat actors.
Key characteristics:
- Stealthy backdoor enabling extended espionage activity
- Targets edge devices that may lack endpoint monitoring
- Observed in technology and legal sectors
This campaign reflects a shift in attacker focus toward infrastructure components that are critical yet frequently under-monitored.
RedNovember
RedNovember is a China-linked espionage group actively targeting the defense, aerospace, government, and technology sectors.[2] The campaign leverages widely deployed appliances and offensive tooling to establish persistence.
Key characteristics:
- Targets devices from Cisco, Fortinet, Palo Alto, Ivanti, SonicWall, and Sophos
- Deploys custom backdoors such as Pantegana, along with Cobalt Strike and SparkRAT
- Focuses on global government, aerospace, and defense organizations
This campaign underscores the importance of visibility across all layers of infrastructure, especially those with high operational exposure.
Why This Matters
Both BRICKSTORM and RedNovember illustrate how edge devices—often excluded from traditional endpoint security strategies—are increasingly exploited. These campaigns are active, and the vulnerabilities they leverage are newly discovered. Addressing them requires bold action and collaborative response.
How Forvis Mazars + Qualys VMDR Can Help
At Forvis Mazars, we can help support your efforts to respond to emerging threats like BRICKSTORM and RedNovember through tailored vulnerability and detection services. As a certified Qualys partner, we bring access to advanced tooling and experienced practitioners with relevant background in infrastructure risk.
Vulnerability management, detection, and response (VMDR) is a security approach that connects asset discovery, vulnerability identification, threat prioritization, and remediation tracking into a unified workflow. VMDR integrates multiple capabilities to help organizations respond to vulnerabilities with greater speed and precision.
This approach includes:
- Continuous vulnerability scanning across servers, endpoints, and appliances
- Risk-based prioritization with real-world exploit intelligence
- Rapid remediation workflows to reduce attacker opportunities
- Integration with managed services for prevention and detection
This support is intended to assist you in addressing newly discovered vulnerabilities, especially those affecting edge devices that may be excluded from traditional endpoint strategies.
Contact us to schedule a focused scan and review tailored to your environment.