EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    • Home
    • Cybersecurity
    • Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint

    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint

    Written by
    The Editorial Team
    02.19.26
    Cybersecurity
    02
    MIN
    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    Image Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Cybersecurity
    04.28.26 Cybersecurity
    Next article
    Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Read
    09
    MIN
    Image Online regulation of minors : young and overlooked
    Cybersecurity
    04.21.26 Cybersecurity
    Next article
    Online regulation of minors : young and overlooked
    Read
    07
    MIN
    Image Ukraine Confirms Russian Cyber Espionage Operation Targeting Prosecutors and Anti-Corruption Agencies
    Cybersecurity
    04.20.26 Cybersecurity
    Next article
    Ukraine Confirms Russian Cyber Espionage Operation Targeting Prosecutors and Anti-Corruption Agencies
    Read
    01
    MIN
    Image OpenAI ramps up cyber defense with GPT-5.4-Cyber, directly challenging Anthropic
    Cybersecurity
    04.17.26 Cybersecurity
    Next article
    OpenAI ramps up cyber defense with GPT-5.4-Cyber, directly challenging Anthropic
    Read
    02
    MIN
    On February 17, 2026, Mandiant and the Google Threat Intelligence Group (GTIG) revealed that a newly identified China-linked cyber-espionage group, UNC6201, had been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual Machines since 2024.

    The backup and disaster recovery solution is widely used by large enterprises to protect virtual environments.

    Cybersecurity researchers identified a hard-coded password in the source code of certain versions of Dell RecoverPoint. The vulnerability was assigned the highest severity rating, with a CVSS score of 10.0.

    By exploiting the flaw, UNC6201 obtained administrative access to targeted systems, enabling the deployment of malware. Some of the tools used were previously known, such as Slaystyle and Brickstorm, while others were newly identified, including a Trojan dubbed Grimbolt.

    The group installed malicious tools to maintain stealthy and persistent access to compromised machines.

    The attackers also created fake network interfaces (“Ghost NICs”) on VMware ESXi servers to move laterally without detection. In addition, they modified legitimate scripts to discreetly ensure persistence.

    Dell Technologies has released a patch addressing the vulnerability and is urging customers to apply it as soon as possible. According to the company, active exploitation cases remain “limited” at this stage.

    Mandiant and GTIG also identified similarities between UNC6201 and the group known as Silk Typhoon, which has been involved in several large-scale cyber-espionage campaigns attributed to Beijing. However, researchers have refrained from formally linking the two groups due to insufficient evidence.

    The Editorial Team
    02.19.26
    Articles by the same author:
    1
    05.25.26 Cybercrime
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    2
    05.25.26 Cybercrime
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    3
    05.25.26 Digital transformation
    Canada: government ready to amend its law on law enforcement access to data
    Read
    01
    MIN
    4
    05.21.26 Digital transformation
    Sovereign cloud: Thales and Google create a S3NS clone in Germany
    Read
    01
    MIN
    Image Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Cybersecurity
    04.28.26 Cybersecurity
    Next article
    Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Read
    09
    MIN
    Image Online regulation of minors : young and overlooked
    Cybersecurity
    04.21.26 Cybersecurity
    Next article
    Online regulation of minors : young and overlooked
    Read
    07
    MIN
    Image Ukraine Confirms Russian Cyber Espionage Operation Targeting Prosecutors and Anti-Corruption Agencies
    Cybersecurity
    04.20.26 Cybersecurity
    Next article
    Ukraine Confirms Russian Cyber Espionage Operation Targeting Prosecutors and Anti-Corruption Agencies
    Read
    01
    MIN
    Image OpenAI ramps up cyber defense with GPT-5.4-Cyber, directly challenging Anthropic
    Cybersecurity
    04.17.26 Cybersecurity
    Next article
    OpenAI ramps up cyber defense with GPT-5.4-Cyber, directly challenging Anthropic
    Read
    02
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.