Dell 0-day exploited by suspected Chinese snoops since 2024 • The Register

https://www.theregister.com/2026/02/18/dell_0day_brickstorm_campaign/

Publish Date: 2026-02-17 19:05:00

Source Domain: www.theregister.com

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. The exploitation is part of a long-running campaign to plant backdoors on compromised machines for long-term access, according to Google’s Mandiant incident response team.

The US government and Google first warned about this campaign last year after detecting Brickstorm backdoors in dozens of critical US networks.

Dell disclosed and patched the critical flaw (CVE-2026-22769) on Tuesday – but noted that miscreants had found and exploited the bug before it issued a fix.

“We have received a report of limited active exploitation of this vulnerability,” a Dell spokesperson told The Register. “Customers are urged to immediately implement one of the remediations detailed” in the advisory.

Mandiant and the Google Threat Intelligence Group, which also published a security alert on Tuesday about the Dell zero-day, say the suspected PRC-linked intruders exploited CVE-2026-22769 to deploy malware including Brickstorm and a separate backdoor tracked as Grimbolt. In some cases the attackers replaced older Brickstorm binaries with Grimbolt, and they also created “Ghost NICs” on virtual machines to enable stealthy network pivoting.

“Analysis of incident response engagements revealed that UNC6201, a suspected PRC-nexus threat cluster, has exploited this flaw since at least mid-2024 to move laterally, maintain persistent access, and deploy malware including Slaystyle, Brickstorm, and a novel backdoor tracked as Grimbolt,” said Google threat hunters Peter Ukhanov, Daniel Sislo, Nick Harbour, John Scarbrough, Fernando Tomlinson, Jr, and Rich Reece.

“Because the full scale of this campaign is unknown, we recommend that organizations previously targeted by Brickstorm look out for Grimbolt in their environments.”

When asked about the…
