Intel Name: Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
Date of Scan: December 8, 2025
Impact: High
Summary: WARP PANDA is a newly identified, highly advanced China-nexus threat actor targeting VMware vCenter and ESXi environments across U.S. organizations in 2025. The group demonstrates strong technical skill, exceptional OPSEC, and deep expertise in cloud and virtualized systems. During intrusions, they deployed BRICKSTORM malware, JSP web shells, and two new ESXi implants — Junction and GuestConduit. Their tactics prioritize stealth and long-term persistence, indicating a clear focus on intelligence gathering aligned with PRC strategic objectives.