Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group
Briefly
"A zero-day vulnerability in Dell's RecoverPoint for Virtual Machines product has been exploited by a China-linked cyberespionage group since at least mid-2024, Google's Threat Intelligence Group (GTIG) and Mandiant reported on Tuesday. Exploitation of the vulnerability identified as CVE-2026-22769 has been attributed by GTIG and Mandiant to a threat actor tracked as UNC6201. The hackers exploited the flaw for lateral movement, persistence, and malware deployment."
"According to Dell's advisory for CVE-2026-22769, the vulnerability is a hardcoded credential issue affecting RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1. The tech giant has advised users to update their installations to the patched version as soon as possible. "[CVE-2026-22769] is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence," Dell said."
A zero-day vulnerability in Dell RecoverPoint for Virtual Machines (CVE-2026-22769) has been exploited since at least mid-2024 by a China-linked cyberespionage group tracked by GTIG and Mandiant as UNC6201. The vulnerability is a hardcoded credential issue affecting RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1; an unauthenticated remote attacker who knows the hardcoded credential can gain unauthorized access to the underlying operating system and establish root-level persistence. The attackers used the flaw for lateral movement, persistence, and malware deployment, historically deploying BrickStorm and more recently transitioning to a new malware family named GrimBolt. Dell advised updating installations to the patched 6.0.3.1 HF1 release immediately.
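Because the fix boundary is a specific release plus hotfix, the first thing a practitioner needs is a reliable way to decide whether a given appliance version is on the affected side of "prior to 6.0.3.1 HF1". The following is an added example, not code from Dell, GTIG, Mandiant, or SecurityWeek. It assumes RecoverPoint for VMs version strings look like "6.0.3.1" with an optional "HF<n>" hotfix suffix (an assumption about the format; adjust the regex if your inventory reports versions differently), and it treats a missing hotfix as HF0 so that plain 6.0.3.1 correctly counts as vulnerable. The inventory list is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# First fixed release per Dell's advisory for CVE-2026-22769.
PATCHED_VERSION = "6.0.3.1 HF1"

# Assumed format: dotted numeric release, optional "HF<n>" hotfix suffix,
# separated by whitespace or a hyphen (e.g. "6.0.3.1 HF1", "6.0.3.1-hf1").
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(?:[\s-]*HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.0.3.1 HF1' into a comparable tuple (6, 0, 3, 1, 1).

    The dotted part is padded to four components so that '5.3.1' compares
    as (5, 3, 1, 0). The hotfix number is the last element; no hotfix is 0,
    which is what makes plain '6.0.3.1' sort below '6.0.3.1 HF1'.
    """
    match = _VERSION_RE.match(version)
    if not match:
        raise ValueError(f"unrecognized RecoverPoint version string: {version!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    hotfix = int(match.group(2)) if match.group(2) else 0
    return tuple(parts) + (hotfix,)


def is_vulnerable(version: str) -> bool:
    """True when the version is strictly earlier than 6.0.3.1 HF1."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, version) pairs into vulnerable / patched / unknown.

    Unparseable version strings are reported separately rather than silently
    treated as safe, so they get a manual check instead of being missed.
    """
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("rp4vm-dc1-01", "6.0.3.1"),        # release without the hotfix: still vulnerable
    ("rp4vm-dc1-02", "6.0.3.1 HF1"),    # exactly the fixed build
    ("rp4vm-dc2-01", "5.3.1"),          # older major/minor line
    ("rp4vm-dc2-02", "6.0.2.9 HF3"),    # hotfix on an earlier release does not help
    ("rp4vm-lab-01", "unknown"),        # agent could not read the version
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

The version check is only a scoping aid: a host that shows as patched may still have been compromised before the update, and given the reported root-level persistence, hosts that were exposed while vulnerable should be examined for the BrickStorm and GrimBolt activity described above rather than simply rebooted onto the new build.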
Read at SecurityWeek