Threat Group – China-nexus UNC5221 Threat Type – Espionage backdoor and post-exploitation toolkit Exploited Vulnerabilities – Ivanti Connect Secure auth-bypass and command injection (CVE-2023-46805, CVE-2024-21887), Ivanti Connect Secure RCE buffer overflow (CVE-2025-22457), weak edge-appliance hardening, exposed management interfaces, valid-credential reuse Malware Used – BRICKSTORM backdoor with file-manager UI and network tunnelling; associated tooling and