
VerdantBamboo (UNC5221 / WARP PANDA): an 18-month China-nexus intrusion that lived entirely on EDR-blind edge appliances and proxied into Microsoft 365 past Conditional Access `[SINGLE-SOURCE]`

From CTI Daily Brief — 2026-06-05 · published 2026-06-05

Volexity attributes an incident-response case at a European organisation to a China-linked actor it tracks as VerdantBamboo (assessed with high confidence as UNC5221, also WARP PANDA), with access dating back at least 18 months (Volexity, 2026-06-04). Initial access came through the victim's MSP: the actor had planted a BSD build of the BRICKSTORM Golang backdoor on the MSP's pfSense firewall. The defining tradecraft is deliberate EDR avoidance: every implant sat on an appliance that cannot run an endpoint agent (the firewall, a Synology NAS, a retired GroupWise server) or on an Egnyte Storage Sync Linux VM. BRICKSTORM's proxy capability on the Storage Sync host let the actor route authentication to the victim's M365 tenant through that appliance's trusted egress IP, so Conditional Access rules that would have blocked an unrecognised source address never fired (T1090.001 Internal Proxy, T1078.004 Cloud Accounts). After Volexity's first remediation, VerdantBamboo simply re-authenticated to the firewall with stolen admin credentials, re-enabled SSL VPN, and redeployed BRICKSTORM to the NAS, alongside two previously undocumented implants: AGENTPSD (a PyInstaller-packaged Python HTTPS reverse shell kept as a fallback) and PLENET/GRIMBOLT (a .NET Native AOT backdoor on a Linux NAS).

Why it matters to us: this is the precise threat model a federal SOC carries: an MSP relationship plus a fleet of edge appliances that are invisible to EDR by design. Detection has to move off the endpoint. Hunt M365 sign-in logs for interactive auth originating from the egress IPs of NAS, storage-sync and similar server-side appliances (those addresses should never originate a user's browser or Office client sign-in, even where the appliance legitimately holds a non-interactive service token). One caveat: where the firewall is also the office NAT gateway, its address carries every user's sign-ins, so for that address baseline per account and look for users, devices or user agents never previously seen behind it. Review Conditional Access named locations and drop any appliance address that has no reason to host an interactive session; IP trust is exactly what this actor abused, so prefer device-compliance or hybrid-join conditions over location-based exemptions. Alert on SSL-VPN re-enablement and admin auth to perimeter devices, and treat any appliance the vendor forbids you from instrumenting as an assumed-breach surface. Mandate MFA on all firewall management and SSL-VPN interfaces, and put the MSP's access to your perimeter under the same scrutiny as a privileged insider. [SINGLE-SOURCE] — Volexity primary IR (see § 7).
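The sign-in hunt described above, as an added example written for this brief (it is not Volexity's tooling and not a Microsoft-supplied query). It takes sign-in records in the shape of the Microsoft Graph `signIn` resource (`userPrincipalName`, `ipAddress`, `isInteractive`, `conditionalAccessStatus`, `appDisplayName`, `deviceDetail`), matches them against an inventory of appliance egress addresses, and keeps only interactive sign-ins from those addresses. The appliance inventory, the account names and the sign-in records are constructed (RFC 5737 documentation ranges, `example.org` users); the Conditional Access status is carried through so an analyst can see that the login was evaluated and allowed rather than blocked.

```python
"""Hunt Entra ID / M365 sign-in records for interactive logins that egress
from appliance addresses that should never carry a human user session.

Added example for this brief; not Volexity's tooling. Record fields follow
the Microsoft Graph `signIn` resource. The appliance inventory and the
sample sign-ins are constructed.
"""
import json

# Constructed asset inventory: public egress addresses of appliances that
# have no business originating a browser or Office client sign-in.
APPLIANCE_EGRESS = {
    "203.0.113.10": "egnyte-storage-sync-vm",
    "203.0.113.11": "synology-nas",
    "203.0.113.12": "groupwise-legacy",
}

# Constructed sample: what `GET /auditLogs/signIns` returns under `value`.
# 203.0.113.1 is the office NAT gateway and legitimately carries user logins.
SAMPLE_SIGNINS = json.dumps([
    {"createdDateTime": "2026-05-30T07:12:04Z", "userPrincipalName": "alice@example.org",
     "ipAddress": "203.0.113.1", "isInteractive": True, "conditionalAccessStatus": "success",
     "appDisplayName": "Office 365 Exchange Online",
     "deviceDetail": {"isManaged": True, "operatingSystem": "Windows 11", "browser": "Edge"}},
    {"createdDateTime": "2026-05-30T22:41:19Z", "userPrincipalName": "bob@example.org",
     "ipAddress": "203.0.113.10", "isInteractive": True, "conditionalAccessStatus": "success",
     "appDisplayName": "OfficeHome",
     "deviceDetail": {"isManaged": False, "operatingSystem": "Linux", "browser": "Chrome"}},
    {"createdDateTime": "2026-05-30T22:45:00Z", "userPrincipalName": "svc-sync@example.org",
     "ipAddress": "203.0.113.10", "isInteractive": False, "conditionalAccessStatus": "notApplied",
     "appDisplayName": "Microsoft Graph", "deviceDetail": {}},
    {"createdDateTime": "2026-05-31T03:02:51Z", "userPrincipalName": "carol@example.org",
     "ipAddress": "198.51.100.7", "isInteractive": True, "conditionalAccessStatus": "failure",
     "appDisplayName": "OfficeHome",
     "deviceDetail": {"isManaged": False, "operatingSystem": "Windows 10", "browser": "Chrome"}},
    {"createdDateTime": "2026-05-31T23:17:36Z", "userPrincipalName": "bob@example.org",
     "ipAddress": "203.0.113.11", "isInteractive": True, "conditionalAccessStatus": "success",
     "appDisplayName": "SharePoint Online",
     "deviceDetail": {"isManaged": False, "operatingSystem": "Linux", "browser": "Firefox"}},
])


def parse_signins(raw: str) -> list[dict]:
    """Parse a JSON array of Graph signIn objects."""
    return json.loads(raw)


def hunt_appliance_signins(records: list[dict], appliance_ips: dict = APPLIANCE_EGRESS) -> list[dict]:
    """Return interactive sign-ins whose source address belongs to an appliance.

    Non-interactive records from those addresses are left alone: a sync
    appliance may legitimately refresh a service-principal token, but it
    never drives a browser or Office client sign-in.
    """
    findings = []
    for rec in records:
        ip = rec.get("ipAddress")
        if ip not in appliance_ips or not rec.get("isInteractive"):
            continue
        device = rec.get("deviceDetail") or {}
        findings.append({
            "time": rec.get("createdDateTime"),
            "user": rec.get("userPrincipalName"),
            "ip": ip,
            "appliance": appliance_ips[ip],
            "app": rec.get("appDisplayName"),
            # "success" means CA evaluated the sign-in and let it through,
            # i.e. the trusted-location path this brief describes.
            "ca_status": rec.get("conditionalAccessStatus"),
            "managed_device": bool(device.get("isManaged")),
        })
    return findings


def users_per_appliance(findings: list[dict]) -> dict[str, list[str]]:
    """Distinct human accounts seen per appliance address. One appliance
    proxying several accounts is the strongest single signal."""
    out: dict[str, set] = {}
    for f in findings:
        out.setdefault(f["appliance"], set()).add(f["user"])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    hits = hunt_appliance_signins(parse_signins(SAMPLE_SIGNINS))
    for h in hits:
        print(f"{h['time']} {h['user']} via {h['appliance']} ({h['ip']}) "
              f"app={h['app']} ca={h['ca_status']} managed={h['managed_device']}")
    print(users_per_appliance(hits))
```

On the sample above only bob's two sessions through the storage-sync VM and the NAS are reported; alice's login from the NAT gateway, the service principal's non-interactive token refresh from the same VM and carol's blocked external attempt are all left out. Against a real tenant, feed it the `value` array from `GET https://graph.microsoft.com/v1.0/auditLogs/signIns` (or the equivalent export) and swap the inventory for your own asset register.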