Chinese espionage group UNC5221 (also tracked as VerdantBamboo) conducted an 18-month undetected intrusion spanning a victim organization and its managed services provider, deploying three backdoor families — Brickstorm, Plenet, and AgentPSD — across VMware vSphere hypervisors, Dell RecoverPoint for Virtual Machines appliances, Synology NAS devices, pfSense edge routers, and legacy Linux servers. The campaign deliberately targeted infrastructure that EDR does not cover, survived a remediation attempt by re-entering the environment, and used the MSP relationship to propagate access downstream. No CVE identifier is associated with this campaign item.