Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt.

The researchers who uncovered the “very, very advanced adversary” behind the malware said it could be a big problem years into the future.

The China-affiliated espionage group, which CrowdStrike tracks as Murky Panda, has been linked to more than a dozen incident response cases since late spring.

The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded.

The Chinese state-backed espionage group started targeting third-party IT services in late 2024, Microsoft researchers said.