On February 17, 2026, Mandiant and the Google Threat Intelligence Group (GTIG) revealed that a newly identified China-linked cyber-espionage group, UNC6201, had been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual Machines since 2024.

The backup and disaster recovery solution is widely used by large enterprises to protect virtual environments.

Cybersecurity researchers identified a hard-coded password in the source code of certain versions of Dell RecoverPoint. The vulnerability was assigned the highest severity rating, with a CVSS score of 10.0.

By exploiting the flaw, UNC6201 obtained administrative access to targeted systems, enabling the deployment of malware. Some of the tools used were previously known, such as Slaystyle and Brickstorm, while others were newly identified, including a Trojan dubbed Grimbolt.

The group installed malicious tools to maintain stealthy and persistent access to compromised machines.

The attackers also created fake network interfaces (“Ghost NICs”) on VMware ESXi servers to move laterally without detection. In addition, they modified legitimate scripts to discreetly ensure persistence.

Dell Technologies has released a patch addressing the vulnerability and is urging customers to apply it as soon as possible. According to the company, active exploitation cases remain “limited” at this stage.

Mandiant and GTIG also identified similarities between UNC6201 and the group known as Silk Typhoon, which has been involved in several large-scale cyber-espionage campaigns attributed to Beijing. However, researchers have refrained from formally linking the two groups due to insufficient evidence.
