EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    • Home
    • Cybersecurity
    • Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint

    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint

    Written by
    The Editorial Team
    02.19.26
    Cybersecurity
    02
    MIN
    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    Chinese Cyber-Espionage Group Exploits Critical 0-Day in Dell RecoverPoint
    Image Trust & Safety Forum: the three fundamentals for building a safer digital world
    Cybersecurity
    06.08.26 Cybersecurity
    Next article
    Trust & Safety Forum: the three fundamentals for building a safer digital world
    Read
    08
    MIN
    Image Germany unveils its anti-kill-switch framework
    Cybersecurity
    05.22.26 Cybersecurity
    Next article
    Germany unveils its anti-kill-switch framework
    Read
    09
    MIN
    Image Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Cybersecurity
    04.28.26 Cybersecurity
    Next article
    Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Read
    09
    MIN
    Image Online regulation of minors : young and overlooked
    Cybersecurity
    04.21.26 Cybersecurity
    Next article
    Online regulation of minors : young and overlooked
    Read
    07
    MIN
    On February 17, 2026, Mandiant and the Google Threat Intelligence Group (GTIG) revealed that a newly identified China-linked cyber-espionage group, UNC6201, had been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual Machines since 2024.

    The backup and disaster recovery solution is widely used by large enterprises to protect virtual environments.

    Cybersecurity researchers identified a hard-coded password in the source code of certain versions of Dell RecoverPoint. The vulnerability was assigned the highest severity rating, with a CVSS score of 10.0.

    By exploiting the flaw, UNC6201 obtained administrative access to targeted systems, enabling the deployment of malware. Some of the tools used were previously known, such as Slaystyle and Brickstorm, while others were newly identified, including a Trojan dubbed Grimbolt.

    The group installed malicious tools to maintain stealthy and persistent access to compromised machines.

    The attackers also created fake network interfaces (“Ghost NICs”) on VMware ESXi servers to move laterally without detection. In addition, they modified legitimate scripts to discreetly ensure persistence.

    Dell Technologies has released a patch addressing the vulnerability and is urging customers to apply it as soon as possible. According to the company, active exploitation cases remain “limited” at this stage.

    Mandiant and GTIG also identified similarities between UNC6201 and the group known as Silk Typhoon, which has been involved in several large-scale cyber-espionage campaigns attributed to Beijing. However, researchers have refrained from formally linking the two groups due to insufficient evidence.

    The Editorial Team
    02.19.26
    Articles by the same author:
    1
    06.10.26 Cyber +
    Canada: Artificial Intelligence as a Pillar of Digital Sovereignty
    Read
    02
    MIN
    2
    06.08.26 Cybercrime
    According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Read
    02
    MIN
    3
    06.04.26 Cyber +
    Russia accuses foreign intelligence services of hacking the phones of senior officials
    Read
    01
    MIN
    4
    06.04.26 Secops
    Palo Alto Networks announced on June 2, 2026, the acquisition of Portkey, a U.S. start-up specializing in the control of autonomous AI agents.
    Read
    01
    MIN
    Image Trust & Safety Forum: the three fundamentals for building a safer digital world
    Cybersecurity
    06.08.26 Cybersecurity
    Next article
    Trust & Safety Forum: the three fundamentals for building a safer digital world
    Read
    08
    MIN
    Image Germany unveils its anti-kill-switch framework
    Cybersecurity
    05.22.26 Cybersecurity
    Next article
    Germany unveils its anti-kill-switch framework
    Read
    09
    MIN
    Image Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Cybersecurity
    04.28.26 Cybersecurity
    Next article
    Our Google Search Data Out in the Wild? The Countdown Has Begun!
    Read
    09
    MIN
    Image Online regulation of minors : young and overlooked
    Cybersecurity
    04.21.26 Cybersecurity
    Next article
    Online regulation of minors : young and overlooked
    Read
    07
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.