BRICKSTORM

MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:

[BRICKSTORM](https://attack.mitre.org/software/S9015) is a cross-platform backdoor with variants written in Go and Rust that facilitates command and control, the ingress transfer of other malware, and the exfiltration of data.(Citation: CISA BRICKSTORM UNC5221 AR25-338A February 2026)(Citation: Picus Security BRICKSTORM UNC5221 October 2025)(Citation: Resecurity UNC5221 BRICKSTORM F5 Big-IP October 2025)(Citation: Google BRICKSTORM September 2025) [BRICKSTORM](https://attack.mitre.org/software/S9015) has also been created from a .NET application using ahead-of-time (AOT) compilation to blend in within victim environments.(Citation: CISA BRICKSTORM UNC5221 AR25-338A February 2026) [BRICKSTORM](https://attack.mitre.org/software/S9015) was first observed in April 2024.(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024) [BRICKSTORM](https://attack.mitre.org/software/S9015) has previously been leveraged by People's Republic of China (PRC) state-nexus actors identified as UNC6201, UNC5221, WARP PANDA, PunyToad, and SYLVANITE.(Citation: Cloudflare 2026 Threat Report New Threat Actors March 2026)(Citation: CrowdStrike BRICKSTORM WARP PANDA UNC5221 December 2025)(Citation: CISA BRICKSTORM UNC5221 AR25-338A February 2026)(Citation: Dragos SYLVANITE MuddyWater Electrum March 2026)(Citation: NVISO BRICKSTORM April 2025)(Citation: Google BRICKSTORM GRIMBOLT UNC5221 UNC6201 February 2026)(Citation: Resecurity UNC5221 BRICKSTORM F5 Big-IP October 2025)(Citation: Google BRICKSTORM September 2025)

Associated Techniques (25)
| ID | ATT&CK | Tactics |
| --- | --- | --- |
| T1005 | Data from Local System | - |
| T1027 | Obfuscated Files or Information | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1057 | Process Discovery | - |
| T1059.004 | Unix Shell | - |
| T1070.004 | File Deletion | - |
| T1070.010 | Relocate Malware | - |
| T1071.001 | Web Protocols | - |
| T1071.004 | DNS | - |
| T1083 | File and Directory Discovery | - |
| T1090.001 | Internal Proxy | - |
| T1102 | Web Service | - |
| T1105 | Ingress Tool Transfer | - |
Metadata
ID: 164080
Created: 28/04/2026 16:00
Updated: 10/05/2026 04:00