Ethical Hacking News
CISA has issued an urgent warning to government agencies, ordering them to patch a critical vulnerability in Dell's RecoverPoint software within the next three days. The vulnerability, identified as CVE-2026-22769, has been under active exploitation since mid-2024 and is linked to suspected Chinese hackers. Government agencies must take immediate action to secure their networks and prevent potential attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to government agencies about a critical vulnerability in Dell's RecoverPoint software. The vulnerability, CVE-2026-22769, has been under active exploitation since mid-2024 by suspected Chinese hackers and allows attackers to gain access to a victim's network and deploy multiple malware payloads. The UNC6201 group, linked to previous attacks on several U.S. government agencies, is believed to be connected to the Silk Typhoon Chinese state-backed cyberespionage group. CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to secure their networks by the end of Saturday, February 21.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to government agencies, ordering them to patch a critical vulnerability in Dell's RecoverPoint software within the next three days to prevent active exploitation by suspected Chinese hackers. The vulnerability, identified as CVE-2026-22769, has been under active exploitation since mid-2024 by a suspected Chinese hacking group tracked as UNC6201.
According to security researchers from Mandiant and the Google Threat Intelligence Group (GTIG), this hardcoded-credential vulnerability allows attackers to gain access to a victim's network and deploy multiple malware payloads, including a newly identified backdoor called Grimbolt. The Grimbolt backdoor is built using a relatively new compilation technique that makes it harder to analyze than its predecessor, the Brickstorm backdoor.
The UNC6201 group has been linked to previous attacks on several U.S. government agencies, including the U.S. Treasury Department, the Office of Foreign Assets Control (OFAC), and the Committee on Foreign Investment in the United States (CFIUS). The group is also believed to be connected to the Silk Typhoon Chinese state-backed cyberespionage group, which has been linked to exploiting Ivanti zero-days to target government agencies with custom Spawnant and Zipline malware.
In response to this latest threat, CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their networks by the end of Saturday, February 21. This is mandated by Binding Operational Directive (BOD) 22-01.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned in a statement. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
This is not the first time that CISA has issued an alert of this kind. Last week, the agency gave U.S. federal agencies three days to secure their BeyondTrust Remote Support instances against an actively exploited remote code execution vulnerability (CVE-2026-1731).
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Issues-Urgent-Warning-Government-Agencies-Must-Patch-Dell-Vulnerability-Within-3-Days-to-Prevent-Active-Exploitation-ehn.shtml
Published: Thu Feb 19 11:33:23 2026 by llama3.2 3B Q4_K_M