A Chinese espionage group tracked as UNC5221 has been observed deploying previously undocumented malware to maintain persistent access to compromised Microsoft 365 environments. Alongside the already-known Brickstorm backdoor, researchers have identified two new malware families: Plenet and AgentPSD.
Background: Who Is UNC5221?
UNC5221 is a China-nexus threat group that has been active in espionage campaigns targeting government, defense, telecommunications, and technology organizations. The group was previously linked to attacks exploiting edge device vulnerabilities — including Ivanti Connect Secure zero-days — to gain initial footholds in target networks.
The group's focus on persistence and long-term access over destructive action is consistent with intelligence-gathering objectives.
The New Malware Arsenal
Brickstorm
Brickstorm is a backdoor previously attributed to UNC5221, designed to operate within virtualized environments and cloud-connected systems. It provides command-and-control (C2) communication capabilities and serves as the primary persistent access tool in the group's toolkit.
Plenet
Plenet is a newly documented malware family observed in this campaign. Based on available intelligence, Plenet is designed to facilitate lateral movement and credential harvesting within Microsoft 365 and Entra ID (Azure AD) environments — enabling the group to expand access from a compromised endpoint to cloud-hosted data and services.
AgentPSD
AgentPSD is the second newly identified malware family. Its design appears focused on persistence and stealth — it establishes durable footholds that survive credential rotation and endpoint remediation. This suggests UNC5221 is specifically engineering resilience against common incident response actions.
Microsoft 365 as a High-Value Target
The targeting of Microsoft 365 environments is strategically significant. M365 environments contain:
- Email communications (Exchange Online) — valuable for intelligence collection
- SharePoint and OneDrive — document repositories containing sensitive data
- Teams conversations — real-time strategic communications
- Entra ID identities — enabling impersonation and further lateral movement
By establishing persistence at the M365 layer, UNC5221 can maintain access to organizational communications and data even after endpoint compromise is detected and remediated.
Tactics, Techniques, and Procedures (TTPs)
| Phase | Technique |
|---|---|
| Initial Access | Edge device exploitation (VPN, network appliances) |
| Persistence | Brickstorm backdoor implant |
| Credential Access | Plenet — M365 / Entra ID credential harvesting |
| Defense Evasion | AgentPSD — survives credential rotation |
| Collection | Email, documents, Teams data exfiltration |
| Command & Control | Encrypted C2 via Brickstorm |
Detection and Hunting
Security teams should hunt for indicators associated with UNC5221 activity in M365 audit logs and endpoint telemetry:
```kql
// Microsoft Sentinel — hunt for suspicious OAuth app activity
// Placeholder allow-list: populate with the tenant's approved application names
let known_approved_apps = dynamic([]);
CloudAppEvents
| where ActionType in ("Add app role assignment.", "Consent to application.")
| where Application !in (known_approved_apps)
| project TimeGenerated, AccountDisplayName, Application, ActionType
```

```kql
// Hunt for unusual M365 access from unexpected locations
// Placeholder: populate with the ISO country codes the tenant normally signs in from
let expected_countries = dynamic([]);
SigninLogs
| where ResultType == "0"   // "0" = successful sign-in; ResultType is a string column
| where Location !in (expected_countries)
| where AppDisplayName contains "Exchange"
| summarize count() by UserPrincipalName, Location, bin(TimeGenerated, 1h)
```

```powershell
# PowerShell — review Entra ID app consents for suspicious grants
Connect-MgGraph -Scopes "Directory.Read.All"
# -All pages through every service principal; without it only the first page is returned
Get-MgServicePrincipal -All -Filter "tags/any(t:t eq 'WindowsAzureActiveDirectoryIntegratedApp')" |
    Select-Object DisplayName, AppId, CreatedDateTime |
    Sort-Object CreatedDateTime -Descending |
    Select-Object -First 50
```

Recommended Mitigations
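The same three hunts expressed as offline detection logic, so the filtering can be tested against sample data before it is deployed as a query. This is an added example, not code from the original article or from any vendor: the audit and sign-in records are constructed, the `KNOWN_APPROVED_APPS` and `EXPECTED_COUNTRIES` allow-lists are placeholders, and the field names only loosely follow the Unified Audit Log and Sentinel `SigninLogs` schemas. It goes one step beyond the queries above by also flagging successful legacy-protocol sign-ins, which the mitigation list says should be blocked.

```python
"""Triage of constructed Microsoft 365 audit records for the hunts above.

Record fields loosely follow the Unified Audit Log (Operation, UserId,
AppDisplayName, CreationTime) and Sentinel SigninLogs (UserPrincipalName,
ResultType, Location, AppDisplayName, ClientAppUsed, TimeGenerated) shapes.
Every record below is constructed for this example; none is real telemetry.
"""
from collections import Counter
from datetime import datetime

# Allow-lists a defender would maintain. Placeholder contents for this example.
KNOWN_APPROVED_APPS = {"HR Sync"}
EXPECTED_COUNTRIES = {"US", "GB"}
CONSENT_OPERATIONS = {"Add app role assignment.", "Consent to application."}
# Client types that indicate legacy (basic) authentication in SigninLogs.
LEGACY_CLIENTS = {"Exchange ActiveSync", "IMAP4", "POP3", "SMTP", "Other clients"}

AUDIT_RECORDS = [  # constructed sample
    {"Operation": "Consent to application.", "UserId": "alice@example.com",
     "AppDisplayName": "HR Sync", "CreationTime": "2024-05-01T08:00:00"},
    {"Operation": "Consent to application.", "UserId": "bob@example.com",
     "AppDisplayName": "Mail Reader Helper", "CreationTime": "2024-05-01T09:12:00"},
    {"Operation": "Add app role assignment.", "UserId": "bob@example.com",
     "AppDisplayName": "Mail Reader Helper", "CreationTime": "2024-05-01T09:13:00"},
    {"Operation": "MailItemsAccessed", "UserId": "bob@example.com",
     "AppDisplayName": "Mail Reader Helper", "CreationTime": "2024-05-01T09:20:00"},
]

SIGNIN_RECORDS = [  # constructed sample
    {"UserPrincipalName": "alice@example.com", "ResultType": "0", "Location": "US",
     "AppDisplayName": "Office 365 Exchange Online", "ClientAppUsed": "Browser",
     "TimeGenerated": "2024-05-01T08:05:00"},
    {"UserPrincipalName": "svc-backup@example.com", "ResultType": "0", "Location": "XX",
     "AppDisplayName": "Office 365 Exchange Online", "ClientAppUsed": "IMAP4",
     "TimeGenerated": "2024-05-01T03:40:00"},
    {"UserPrincipalName": "svc-backup@example.com", "ResultType": "0", "Location": "XX",
     "AppDisplayName": "Office 365 Exchange Online", "ClientAppUsed": "IMAP4",
     "TimeGenerated": "2024-05-01T03:55:00"},
    {"UserPrincipalName": "carol@example.com", "ResultType": "50126", "Location": "XX",
     "AppDisplayName": "Office 365 Exchange Online", "ClientAppUsed": "Browser",
     "TimeGenerated": "2024-05-01T04:00:00"},
]


def suspicious_consents(records, approved=KNOWN_APPROVED_APPS):
    """Consent / role-assignment events for apps outside the allow-list.

    Mirrors the CloudAppEvents query: keep the two consent operations, drop
    approved apps, and project the columns an analyst needs.
    """
    return [
        (r["CreationTime"], r["UserId"], r["AppDisplayName"], r["Operation"])
        for r in records
        if r["Operation"] in CONSENT_OPERATIONS and r["AppDisplayName"] not in approved
    ]


def _hour_bin(ts):
    """Equivalent of bin(TimeGenerated, 1h): truncate an ISO timestamp to the hour."""
    return datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0).isoformat()


def unexpected_exchange_signins(records, expected=EXPECTED_COUNTRIES):
    """Successful Exchange sign-ins from countries outside the expected set,
    counted per user, location and hour (the summarize clause above)."""
    counts = Counter()
    for r in records:
        if r["ResultType"] != "0":  # "0" is success; anything else is a failure code
            continue
        if r["Location"] in expected or "Exchange" not in r["AppDisplayName"]:
            continue
        counts[(r["UserPrincipalName"], r["Location"], _hour_bin(r["TimeGenerated"]))] += 1
    return counts


def legacy_auth_successes(records):
    """Accounts that authenticated successfully over a legacy protocol.

    Legacy protocols cannot complete MFA, so a hit is both a hunting lead and
    evidence that the 'restrict legacy authentication' mitigation is incomplete.
    """
    return sorted({r["UserPrincipalName"] for r in records
                   if r["ResultType"] == "0" and r["ClientAppUsed"] in LEGACY_CLIENTS})


def triage(audit=AUDIT_RECORDS, signins=SIGNIN_RECORDS):
    """Run all three hunts and return one summary dict."""
    return {
        "consents": suspicious_consents(audit),
        "unexpected_signins": unexpected_exchange_signins(signins),
        "legacy_auth": legacy_auth_successes(signins),
    }


if __name__ == "__main__":
    for name, hits in triage().items():
        print(f"{name}: {hits}")
```

On the sample data the consent hunt surfaces only the unapproved "Mail Reader Helper" grants, the location hunt groups the two service-account sign-ins into a single hourly bucket (failed sign-ins are excluded, as in the query), and the legacy-auth check names the same service account, which is the kind of overlap that makes a lead worth escalating.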
- Audit OAuth application consents — review and revoke unauthorized third-party app permissions in Entra ID
- Enable Conditional Access — enforce device compliance and MFA for all M365 access
- Monitor audit logs — enable Unified Audit Logging and alert on suspicious sign-ins
- Restrict legacy authentication — block basic auth protocols that bypass MFA
- Hunt for Brickstorm IOCs — check endpoint telemetry against published indicators
- Review edge device logs — UNC5221 uses VPN/network appliance exploits for initial access
- Rotate service account credentials with monitoring for re-compromise indicators
- Deploy Microsoft Defender for Cloud Apps to detect anomalous M365 activity
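A posture check for two of the mitigations above (enforce MFA through Conditional Access, block legacy authentication), written as an added example that is not part of the original article. It evaluates policy objects shaped like the Microsoft Graph `conditionalAccessPolicy` resource (`state`, `conditions.users`, `conditions.applications`, `conditions.clientAppTypes`, `grantControls.builtInControls`); that shape is an assumption of the example, and both policy sets are constructed, with a weak configuration (legacy-auth block left in report-only mode, MFA scoped to a single app) beside the corrected one.

```python
"""Conditional Access posture check for the MFA and legacy-auth mitigations.

Policies are dicts shaped like Microsoft Graph conditionalAccessPolicy objects.
That shape is an assumption of this example; the policies are constructed.
"""

PLACEHOLDER_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real app

# Weak configuration (constructed): the legacy-auth block only reports, and
# MFA is enforced for one application rather than every cloud app.
WEAK_POLICIES = [
    {"displayName": "Block legacy authentication",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "Require MFA for mail",
     "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": [PLACEHOLDER_APP_ID]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]

# Corrected configuration (constructed): both policies enforced, MFA scoped to all apps.
HARDENED_POLICIES = [
    {"displayName": "Block legacy authentication",
     "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "Require MFA for all users and apps",
     "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]


def _enabled(policy):
    # Report-only ("enabledForReportingButNotEnforced") logs outcomes but enforces nothing.
    return policy.get("state") == "enabled"


def _covers_all_users(policy):
    return "All" in policy.get("conditions", {}).get("users", {}).get("includeUsers", [])


def _covers_all_apps(policy):
    apps = policy.get("conditions", {}).get("applications", {})
    return "All" in apps.get("includeApplications", [])


def _client_types(policy):
    return set(policy.get("conditions", {}).get("clientAppTypes", []))


def _controls(policy):
    return set(policy.get("grantControls", {}).get("builtInControls", []))


def blocks_legacy_auth(policy):
    """Enforced, applies to all users, covers both legacy client types, and blocks."""
    return (_enabled(policy) and _covers_all_users(policy)
            and {"exchangeActiveSync", "other"} <= _client_types(policy)
            and "block" in _controls(policy))


def requires_mfa_everywhere(policy):
    """Enforced, all users, all cloud apps, modern clients covered, MFA as a grant control."""
    types = _client_types(policy)
    covers_modern = "all" in types or {"browser", "mobileAppsAndDesktopClients"} <= types
    return (_enabled(policy) and _covers_all_users(policy) and _covers_all_apps(policy)
            and covers_modern and "mfa" in _controls(policy))


def assess(policies):
    """Summarise whether the tenant's policy set satisfies the two mitigations."""
    return {
        "legacy_auth_blocked": any(blocks_legacy_auth(p) for p in policies),
        "mfa_enforced_everywhere": any(requires_mfa_everywhere(p) for p in policies),
        "report_only": sorted(p["displayName"] for p in policies
                              if p.get("state") == "enabledForReportingButNotEnforced"),
    }


if __name__ == "__main__":
    print("weak:    ", assess(WEAK_POLICIES))
    print("hardened:", assess(HARDENED_POLICIES))
```

The check deliberately treats report-only policies as absent: a legacy-auth block that only reports still lets a basic-auth sign-in through, so listing those policies by name gives the remediation owner a concrete item to flip to enforced.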
Organizational Impact
The combination of Brickstorm, Plenet, and AgentPSD represents a mature, layered persistence strategy. Organizations that focus incident response solely on endpoint remediation may miss the cloud-layer persistence established by Plenet and AgentPSD — meaning attackers can re-establish access after what appears to be a successful remediation.
This underscores the need for hybrid response procedures that cover both on-premises endpoints and cloud identity/service layers simultaneously.
References
- BleepingComputer — Chinese APT Deploys New Malware to Keep Access to Hacked Networks
- Microsoft Security Intelligence — UNC5221 / threat actor tracking
- CISA Advisories on edge device exploitation by China-nexus actors