Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

    Date: 06/08/2026

    Severity: High

    Summary

    A China-linked cyber-espionage campaign attributed to UNC5221 targeted U.S. law firms and technology organizations. The attackers exploited zero-day vulnerabilities, deployed the BRICKSTORM backdoor, and maintained access for over a year to steal sensitive legal, trade, and national security information. The campaign highlights the growing focus on law firms as high-value intelligence targets and underscores the importance of behavioral threat hunting and robust infrastructure monitoring.

    Indicators of Compromise (IOC) List

    IP Address:

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 2:

    dstipaddress IN ("192.236.146.173","192.236.154.158","192.236.147.131","192.236.147.138", "193.141.60.212", "174.169.162.62", "64.94.84.97") or srcipaddress IN ("192.236.146.173","192.236.154.158","192.236.147.131","192.236.147.138", "193.141.60.212", "174.169.162.62", "64.94.84.97")

    Reference:

    https://cloud.google.com/blog/topics/threat-intelligence/targeted-campaign-us-law-firms/


    Tags

    Malware, Threat Actor, Vulnerability, Exploitation, Backdoor, Cyber Espionage, China, UNC5221, United States, Information Technology, BRICKSTORM, Stealer
