Dell's Zero-Day Vulnerability

Dell RecoverPoint for Virtual Machines is the target of a serious zero-day exploitation campaign. The vulnerability, identified as CVE-2026-22769, has been actively exploited since at least mid-2024 and carries the maximum CVSSv3.1 score of 10.0. Incident response engagements attribute this activity to UNC6201, a suspected PRC-nexus threat cluster that overlaps significantly with the publicly recognized Silk Typhoon (UNC5221) group.

According to Mandiant and the Google Threat Intelligence Group (GTIG), the attackers have used this vulnerability to move laterally across networks, maintain persistent access, and install a variety of advanced malware, including SLAYSTYLE, BRICKSTORM, and a new backdoor known as GRIMBOLT. The initial access vector is still unknown, although UNC6201 is known for using edge devices, such as VPN concentrators, to gain a foothold.

RecoverPoint for Virtual Machines 5.3 SP4 and earlier: Use the remediation script after upgrading to 5.3 SP4 P1 or a 6.x version.

Indicators of Compromise (IOCs)

This campaign has been linked to file and network indicators.
