Ethical Hacking News
A Dell 0-day vulnerability was exploited by suspected Chinese hackers since mid-2024, allowing them to gain unauthorized access to systems and deploy malware. The attack is believed to be linked to the People's Republic of China (PRC), and organizations affected by the breach are urged to take immediate action to remediate the issue.
Key points:
The Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-22769) was exploited by suspected Chinese hackers since mid-2024.
The suspected attackers deployed malware such as Brickstorm and Grimbolt, and created "Ghost NICs" to enable stealthy network pivoting.
The attack is linked to UNC6201, a suspected PRC-nexus threat cluster.
Dell issued a critical advisory with remediation steps for customers affected by the vulnerability.
Organizations are urged to implement the fixes immediately to prevent further exploitation.
In the latest development, it has come to light that a critical Dell RecoverPoint for Virtual Machines vulnerability has been exploited by suspected Chinese hackers since at least mid-2024. The attackers, who are believed to be linked to the People's Republic of China (PRC), took advantage of this hardcoded-credential bug, tracked as CVE-2026-22769, to gain unauthorized access to systems and deploy malware on them.
According to Google's Mandiant incident response team, the attackers deployed malware such as Brickstorm and a separate backdoor tracked as Grimbolt. In some instances, they replaced older Brickstorm binaries with Grimbolt and created "Ghost NICs" on virtual machines to enable stealthy network pivoting.
Google's incident response team attributed the exploitation of this vulnerability to UNC6201, a suspected PRC-nexus threat cluster. The activity appears to have begun no later than mid-2024 and has continued since then. The full extent of the campaign's impact remains unknown.
In response, Dell issued a critical advisory detailing remediation steps for customers affected by the vulnerability. The company urged organizations to apply one of the recommended fixes immediately to prevent further exploitation.
This incident highlights the ongoing threat landscape involving state-sponsored actors and their attempts to backdoor systems for long-term access. It also underscores the need for vigilance among organizations, especially those handling sensitive data, as they continue to fortify their defenses against such threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Dell-0-Day-Exploited-by-China-Linked-Snoops-Since-Mid-2024-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/02/18/dell_0day_brickstorm_campaign/
https://www.msn.com/en-us/money/other/china-linked-snoops-have-been-exploiting-dell-0-day-since-mid-2024-using-ghost-nics-to-avoid-detection/ar-AA1Wyahd
https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/
https://nvd.nist.gov/vuln/detail/CVE-2026-22769
https://www.cvedetails.com/cve/CVE-2026-22769/
https://www.cisa.gov/sites/default/files/2026-01/AR25-338A_Malware_Analysis_Report_Brickstorm_Backdoor.pdf
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
Published: Tue Feb 17 19:51:59 2026 by llama3.2 3B Q4_K_M