Cybersecurity researchers at Volexity have identified a new campaign by the China-nexus threat group VerdantBamboo, which has adapted its toolset to target Linux and BSD systems with multiple malware families. The group, which overlaps with the threat actor Microsoft tracks as Clay Typhoon, deployed a BSD variant of the BRICKSTORM backdoor alongside two other malicious tools named PLENET (also called GRIMBOLT) and AGENTPSD.
VerdantBamboo is a persistent cyber espionage operation aligned with Chinese state interests. Its expansion into BSD and Linux environments suggests a deliberate effort to compromise systems that typically receive less security scrutiny, and less endpoint tooling coverage, than Windows hosts. Because these Unix-based systems frequently sit in critical infrastructure roles, they are high-value targets for intelligence collection.
The BRICKSTORM backdoor variant has been adapted specifically for BSD operating systems, while PLENET and AGENTPSD target Linux. All three give the attackers remote access to compromised hosts: persistent access, data exfiltration, and execution of further commands. Deploying several malware families on the same target set points to an operation designed to keep redundant access channels open so that the loss of one implant does not end the intrusion.
Organizations running Linux and BSD systems face increased risk from this campaign, particularly those in sectors Chinese espionage groups routinely target, such as government, defense, telecommunications, and technology. Porting existing malware to new platforms shows that VerdantBamboo is investing in operational reach and in keeping access across diverse target environments.
Security teams should promptly review their Linux and BSD systems for signs of compromise: unfamiliar processes and binaries, unexpected listening sockets, and persistence added to cron, rc.d, or systemd units. Enhanced logging and monitoring should be enabled on these hosts, and security tooling should be checked for actual coverage of Unix-based platforms, since BSD in particular is often a blind spot for endpoint agents. Organizations should also baseline outbound network traffic and investigate connections that fall outside it, deploy endpoint detection and response on all systems regardless of operating system, and keep patch levels current across their infrastructure.
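As a concrete starting point for the outbound-connection review above, here is an added example (not code from Volexity, the article, or any tool it names) that parses the socket table on both platforms, `ss -tnp` on Linux and `sockstat -4c` on FreeBSD, and flags outbound connections that break a simple baseline. The sample output, the listening-port list, and the set of processes expected to make outbound connections are all constructed assumptions; a real deployment substitutes its own. No indicators from the campaign are used, because the article publishes none.

```python
"""Flag unusual outbound TCP connections in `ss -tnp` (Linux) and
`sockstat -4c` (FreeBSD) output. Added example with constructed data;
not code from the article, Volexity, or any named tool."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: everything outside these ranges is "external". Documentation
# ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) stand in for public
# addresses in the samples, so we avoid ipaddress.is_global, which rejects them.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed baseline for the example host.
LISTENING_PORTS = {22, 80, 443}              # services this host exposes
EXPECTED_EGRESS = {"pkg", "freebsd-update", "apt-get"}  # processes allowed to call out

@dataclass(frozen=True)
class Conn:
    proc: str
    pid: int
    local: str
    lport: int
    remote: str
    rport: int

def _endpoint(ep):
    host, port = ep.rsplit(":", 1)
    return host, int(port)

_SS_PROC = re.compile(r'\("([^"]+)",pid=(\d+)')   # users:(("curl",pid=2211,fd=3))

def parse_ss(text):
    """Parse `ss -tnp` lines: State Recv-Q Send-Q Local Peer Process."""
    conns = []
    for line in text.strip().splitlines()[1:]:          # skip header
        parts = line.split()
        if len(parts) < 6:
            continue
        m = _SS_PROC.search(parts[5])
        proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        lhost, lport = _endpoint(parts[3])
        rhost, rport = _endpoint(parts[4])
        conns.append(Conn(proc, pid, lhost, lport, rhost, rport))
    return conns

def parse_sockstat(text):
    """Parse `sockstat -4c` lines: USER COMMAND PID FD PROTO LOCAL FOREIGN."""
    conns = []
    for line in text.strip().splitlines()[1:]:          # skip header
        parts = line.split()
        if len(parts) < 7 or not parts[4].startswith("tcp"):
            continue
        _user, proc, pid, _fd, _proto, local, foreign = parts[:7]
        if foreign == "*:*":                            # listener, not a connection
            continue
        lhost, lport = _endpoint(local)
        rhost, rport = _endpoint(foreign)
        conns.append(Conn(proc, int(pid), lhost, lport, rhost, rport))
    return conns

def is_internal(host):
    try:
        addr = ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def find_unusual(conns, listening_ports, expected_egress, web_ports=(80, 443)):
    """Return (conn, reasons) for outbound connections outside the baseline."""
    findings = []
    for c in conns:
        if c.lport in listening_ports:   # inbound to a service we expose
            continue
        if is_internal(c.remote):        # lateral traffic needs its own baseline
            continue
        reasons = []
        if c.proc not in expected_egress:
            reasons.append("process not expected to make outbound connections")
        if c.rport not in web_ports:
            reasons.append(f"non-web destination port {c.rport}")
        if reasons:
            findings.append((c, reasons))
    return findings

# Constructed sample output (not captured from a real incident).
SS_SAMPLE = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:22         10.0.0.9:51122     users:(("sshd",pid=1234,fd=4))
ESTAB  0      0      10.0.0.5:44512      203.0.113.7:443    users:(("curl",pid=2211,fd=3))
ESTAB  0      0      10.0.0.5:58822      198.51.100.4:8443  users:(("nginx",pid=900,fd=12))
ESTAB  0      0      10.0.0.5:50012      10.0.0.7:22        users:(("ssh",pid=2300,fd=3))"""

SOCKSTAT_SAMPLE = """USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1234  4  tcp4   10.0.0.5:22           10.0.0.9:51122
www      nginx      900   12 tcp4   10.0.0.5:58822        198.51.100.4:8443
nobody   python3    4411  3  tcp4   10.0.0.5:40110        192.0.2.55:443
root     pkg        5120  5  tcp4   10.0.0.5:51002        203.0.113.30:443"""

def hunt():
    """Run the baseline check over both constructed samples."""
    return {
        "linux": find_unusual(parse_ss(SS_SAMPLE), LISTENING_PORTS, EXPECTED_EGRESS),
        "bsd": find_unusual(parse_sockstat(SOCKSTAT_SAMPLE), LISTENING_PORTS, EXPECTED_EGRESS),
    }

if __name__ == "__main__":
    for platform, findings in hunt().items():
        for c, reasons in findings:
            print(f"[{platform}] {c.proc}({c.pid}) -> {c.remote}:{c.rport}: {'; '.join(reasons)}")
```

On the constructed samples this flags `curl` and `nginx` on the Linux host and `nginx` and `python3` on the BSD host, while the `pkg` fetch and the inbound SSH sessions pass. A web server opening its own connection to an external address on a non-web port is exactly the kind of event worth a closer look; the lateral SSH hop to 10.0.0.7 is deliberately left out here, because internal movement needs a separate host-to-host baseline rather than an egress allowlist.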
Source: https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html