CISA, the National Security Agency, and the Canadian Centre for Cyber Security assessed that People’s Republic of China state-sponsored cyber actors are using BRICKSTORM malware to maintain long-term persistence on victim systems, as documented in a Malware Analysis Report updated on February 11, 2026. The report adds analysis, indicators of compromise, and detection signatures for a newly identified BRICKSTORM variant. The report also provides updated detection guidance and urges organizations to use this information to identify and report related activity.