CrowdStrike has identified a new sophisticated adversary, WARP PANDA, which is linked to China and is targeting VMware vCenter environments in U.S.-based entities using advanced malware such as BRICKSTORM, Junction, and GuestConduit. This adversary demonstrates a high level of technical skill and operational security, focusing on maintaining long-term covert access to networks likely for intelligence collection aligned with the strategic interests of the People's Republic of China. WARP PANDA gains initial access by exploiting vulnerabilities in internet-facing devices and vCenter environments, and it employs various tactics to evade detection, including masquerading malware as legitimate processes, log clearing, and file timestomping. The group's operations extend to cloud environments, where they have accessed Microsoft Azure to exfiltrate sensitive data. CrowdStrike's research indicates that WARP PANDA's activities are part of a broader trend of cyberespionage by China-nexus actors, with BRICKSTORM potentially used by multiple actors in this group. The report underscores the importance of monitoring and implementing security measures like disabling SSH access and enforcing strict network segmentation to protect against such sophisticated intrusions.
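One of the evasion tactics listed above, file timestomping, leaves a usable trace on the Linux-based appliances that vCenter runs on: tools that rewrite a file's modification time (utime/touch) cannot set the inode change time, which the kernel stamps with the current clock on every metadata change. A file whose mtime is far older than its ctime was therefore either restored with timestamps preserved or had its mtime deliberately rolled back. The following is an added example, not code from the CrowdStrike report and not related to the malware named in it; the directory layout, the file names and the one-day threshold are constructed for the demonstration, and the check must be run against a real appliance's filesystem and then triaged against known-good package and backup activity.

```python
import os
import stat
import tempfile
import time
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    mtime: float
    ctime: float
    gap_seconds: float


def timestomp_suspects(root: str, min_gap_seconds: float = 86400.0) -> list[Finding]:
    """Walk `root` and return regular files whose modification time (mtime) is at
    least `min_gap_seconds` OLDER than their inode change time (ctime).

    On POSIX, utime()/touch can rewrite atime and mtime, but ctime is always set
    by the kernel to 'now' on any metadata change. A large ctime - mtime gap is
    therefore a timestomping indicator that needs triage (cp -p, tar extraction
    and package installs also preserve mtime, so it is a lead, not a verdict).
    """
    findings: list[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks planted by an intruder
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            gap = st.st_ctime - st.st_mtime
            if gap >= min_gap_seconds:
                findings.append(Finding(path, st.st_mtime, st.st_ctime, gap))
    return findings


def build_sample_tree() -> str:
    """Constructed sample data: a temp directory with one ordinary file and one
    file whose mtime has been rolled back a year (the way timestomping looks)."""
    root = tempfile.mkdtemp(prefix="ts_demo_")
    with open(os.path.join(root, "normal.log"), "w") as fh:
        fh.write("ordinary file written just now\n")
    stomped = os.path.join(root, "stomped.bin")
    with open(stomped, "w") as fh:
        fh.write("constructed sample content\n")
    one_year_ago = time.time() - 365 * 86400
    # Rewrites atime/mtime only; the kernel bumps ctime to the current time.
    os.utime(stomped, (one_year_ago, one_year_ago))
    return root


def demo() -> list[str]:
    """Run the check over the constructed tree; returns the flagged basenames."""
    root = build_sample_tree()
    return sorted(os.path.basename(f.path) for f in timestomp_suspects(root))


if __name__ == "__main__":
    for f in timestomp_suspects(build_sample_tree()):
        print(f"{f.path}: mtime {time.ctime(f.mtime)} vs ctime {time.ctime(f.ctime)} "
              f"(gap {f.gap_seconds / 86400:.1f} days)")
```

On a real appliance, run the walk over directories where dropped binaries and tampered logs would live and compare the hits against package manifests and backup jobs; a hit on a file that no legitimate process should have recently touched is worth a closer look, and the same mtime/ctime comparison is what forensic timeline tools rely on, so the output can be fed straight into an incident timeline.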