A Chinese state-backed hacking group has been exploiting a critical zero-day in Dell RecoverPoint for Virtual Machines (CVE-2026-22769) since at least mid-2024 to deploy backdoors in organizations across North America. Dell has released a fix, Google/Mandiant and U.S. agencies have issued advisories, and CISA has ordered federal agencies to patch immediately. Researchers report the intrusions deploying the BRICKSTORM backdoor and a newer backdoor called GRIMBOLT. #CVE-2026-22769 #DellRecoverPoint #UNC6201 #BRICKSTORM #GRIMBOLT
Keypoints
- CVE-2026-22769 is a critical (CVSS 10/10) vulnerability in Dell RecoverPoint for Virtual Machines that is being actively exploited by a sophisticated Chinese state-backed actor.
- Mandiant and Google tie the activity to UNC6201 with links to Silk Typhoon, with targeting observed across North America since mid-2024.
- Attackers have deployed the BRICKSTORM backdoor and a newer, stealthier backdoor, GRIMBOLT, to maintain long-term access and evade detection.
- Dell and Google have published fixes and advisories, and CISA has ordered all federal agencies to apply the patches immediately.
- Backup and disaster-recovery appliances run with elevated privileges and sit next to replicated production data, making them high-value targets: a compromise can both disrupt recovery and expose the data being replicated.
Read More: https://therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning