A Chinese espionage group operated undetected inside a Microsoft 365 environment for more than 18 months — and returned within days after the victim organization believed it had completed a full eviction. Volexity’s technical analysis, published in early June, revealed two previously undocumented malware families and a persistence strategy built around network hardware that endpoint security software never monitors.
VerdantBamboo’s Three-Tool Arsenal: BRICKSTORM, PLENET, and AGENTPSD Against M365
The group — tracked by Volexity as VerdantBamboo and also designated UNC5221 and WARP PANDA — maintained its foothold using a layered toolkit. Its established BRICKSTORM backdoor, originally written in Golang and later rewritten in Rust, provided the primary persistent access channel with SOCKS5 proxy capabilities and direct filesystem access to compromised systems. When security teams identified and removed components of that toolkit, VerdantBamboo had already deployed two additional tools that continued operating undetected.
PLENET .NET WebSocket Backdoor and AGENTPSD Python Shell — Two Newly Documented Families
Volexity’s report publicly identified two malware families that had not been documented before. PLENET — also tracked as “Grimbolt” by Google — is a cross-platform .NET backdoor that communicates with command-and-control infrastructure over WebSocket connections, providing interactive shell access, remote command execution, and file manipulation capabilities. AGENTPSD is a Python reverse shell packaged with PyInstaller, deployed as a fallback persistence mechanism designed to survive disruption of the primary toolkit. Each tool serves a distinct persistence role: PLENET as the active command interface, AGENTPSD as the recovery channel if primary access is severed.
VerdantBamboo’s EDR-Blind Persistence on pfSense Firewalls, Synology NAS, and Egnyte Sync Devices
VerdantBamboo’s evasion strategy was to install implants exclusively on hardware that carries no endpoint detection software. The group targeted network firewalls running pfSense, Synology network-attached storage devices, and Egnyte Storage Sync cloud-synchronization appliances — devices that sit on corporate networks but are almost universally excluded from EDR deployments. On the Egnyte device, VerdantBamboo exploited a local privilege escalation vulnerability, which Egnyte patched in Storage Sync version 13.13. This hardware-focused persistence model allowed the group’s tooling to survive standard endpoint remediation responses that focus on workstations and servers without extending to network appliances and storage hardware.
MSP Supply Chain Entry and Post-Eviction Re-Infiltration
The initial compromise reached the victim organization through its managed services provider. VerdantBamboo used stolen credentials from the MSP to access the primary victim’s Microsoft 365 environment — a vector that bypassed the primary organization’s own identity controls entirely. The attacker authenticated as a trusted third party, entering an environment whose access policies could not account for a compromised external credential.
When the victim detected the intrusion in September 2025 and began remediation, VerdantBamboo re-infiltrated the network within days. The re-entry path was the firewall administrative interfaces that had been left exposed during remediation and lacked multi-factor authentication. The overall dwell time — from the initial compromise through detection, remediation, and re-infiltration — exceeded 18 months before the intrusion was fully contained.
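The two lessons above, EDR-blind appliances that outlive an endpoint-only cleanup and admin interfaces left exposed without MFA during remediation, can be turned into a pre-eviction audit. The following is an added example, not Volexity's or the victim's tooling; the inventory, field names (`admin_exposed`, `mfa`, `edr`, `in_remediation_scope`) and product labels are constructed assumptions, and the only value taken from the report is the Egnyte Storage Sync fix version 13.13.

```python
# Added example: eviction-readiness audit over a constructed appliance inventory.
from typing import Dict, List, Tuple

# Constructed sample inventory covering the appliance classes named in the report.
INVENTORY: List[Dict] = [
    {"host": "fw-edge-01", "product": "pfsense", "version": "2.7.2",
     "admin_exposed": True, "mfa": False, "edr": False, "in_remediation_scope": False},
    {"host": "nas-01", "product": "synology-dsm", "version": "7.2",
     "admin_exposed": False, "mfa": True, "edr": False, "in_remediation_scope": False},
    {"host": "egnyte-sync-01", "product": "egnyte-storage-sync", "version": "13.12",
     "admin_exposed": False, "mfa": True, "edr": False, "in_remediation_scope": True},
    {"host": "app-srv-07", "product": "windows-server", "version": "2022",
     "admin_exposed": False, "mfa": True, "edr": True, "in_remediation_scope": True},
]

# Minimum Egnyte Storage Sync version carrying the privilege-escalation fix (from the report).
EGNYTE_FIXED = (13, 13)

def parse_version(v: str) -> Tuple[int, ...]:
    """'13.12' -> (13, 12); non-numeric suffixes in a component are ignored."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def audit(inventory: List[Dict]) -> Dict[str, List[str]]:
    """Return {host: [findings]} for devices that would let an evicted
    intruder keep or regain access after a workstation/server-only cleanup."""
    report: Dict[str, List[str]] = {}
    for dev in inventory:
        findings: List[str] = []
        # Re-entry path from the report: an exposed admin interface without MFA.
        if dev["admin_exposed"] and not dev["mfa"]:
            findings.append("admin interface exposed without MFA")
        # Persistence blind spot: no EDR and not covered by the eviction plan.
        if not dev["edr"] and not dev["in_remediation_scope"]:
            findings.append("no EDR coverage and outside remediation scope")
        # Unpatched Egnyte Storage Sync (fix shipped in 13.13).
        if dev["product"] == "egnyte-storage-sync" and parse_version(dev["version"]) < EGNYTE_FIXED:
            findings.append("Egnyte Storage Sync below 13.13")
        if findings:
            report[dev["host"]] = findings
    return report

if __name__ == "__main__":
    for host, items in audit(INVENTORY).items():
        print(host, "->", "; ".join(items))
```

Any host listed in the output should be brought into remediation scope before the eviction is declared complete.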
UNC5221’s Target Sectors and Chinese MSS Attribution
Volexity attributes VerdantBamboo to Chinese Ministry of State Security intelligence collection operations. The group has been active since at least 2023 and focuses on organizations with high concentrations of sensitive client data: legal services firms, software-as-a-service providers, business process outsourcers, and technology companies operating Microsoft 365 environments. The victim profile reflects an MSS collection interest in commercially valuable intellectual property and client relationship data held by service-sector organizations.
The September 2025 detection followed by immediate re-infiltration through the same exposed infrastructure illustrates a documented Chinese APT operational doctrine: maintain access by any available path, and treat a detected intrusion as a temporary setback rather than a terminal event. For organizations in VerdantBamboo’s target sectors, the re-infiltration timeline indicates that remediation efforts which do not simultaneously address MSP credential exposure and network appliance administrative access are unlikely to result in a durable eviction.
