{"id":214695,"date":"2026-02-17T19:35:00","date_gmt":"2026-02-18T00:35:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/google-chinese-state-attackers-going-after-dell-zero-day-since-mid-2024\/"},"modified":"2026-02-17T21:02:37","modified_gmt":"2026-02-18T02:02:37","slug":"google-chinese-state-attackers-going-after-dell-zero-day-since-mid-2024","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/google-chinese-state-attackers-going-after-dell-zero-day-since-mid-2024\/","title":{"rendered":"Google: Chinese state attackers going after Dell zero-day since mid-2024"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/china-brickstorm-grimbolt-dell-zero-day\/\">Google: Chinese state attackers going after Dell zero-day since mid-2024<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/china-brickstorm-grimbolt-dell-zero-day\/\">https:\/\/cyberscoop.com\/china-brickstorm-grimbolt-dell-zero-day\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-17 19:35:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Researchers uncovered more worrying details about a long-running cyber espionage campaign suspected to be backed by the Chinese government, exemplifying how such attacks often go undetected until they\u2019ve already caused significant damage.<\/p>\n<p>Google Threat Intelligence Group and Mandiant said the Chinese threat group UNC6201 has been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual Machines since at least mid-2024. 
The group overlaps with UNC5221, also known as Silk Typhoon, which has been burrowing into critical infrastructure and government agency networks undetected since at least 2022.<\/p>\n<p>The zero-day exploitation marks an escalation from this particular cluster of actors. State-sponsored attackers spent years implanting Brickstorm malware into networks before the campaign was finally detected last summer. By September, however, the attackers had replaced Brickstorm with Grimbolt, a more advanced malware that\u2019s harder to detect, Google security researchers said Tuesday.<\/p>\n<p>The zero-day vulnerability \u2014 CVE-2026-22769 \u2014 hinges on a hardcoded administrator password in Dell RecoverPoint for Virtual Machines that was pulled from Apache Tomcat. It carries a 10\/10 CVSS rating. The Chinese threat group has been using the hardcoded password for at least 18 months, Google said. Using the password triggers the vulnerability and allows unauthenticated remote attackers to gain full system access with root-level persistence.<\/p>\n<p>Dell Technologies disclosed and released a patch for the vulnerability Tuesday. 
A company spokesperson urged customers to follow guidance in its security advisory.<\/p>\n<p>\u201cWe are aware of less than a dozen impacted organizations, but because the full scale of this campaign is unknown we recommend that organizations previously targeted by Brickstorm look out for Grimbolt in their environments,\u201d Austin Larsen, principal analyst at GTIG, told CyberScoop.<\/p>\n<p>When the Cybersecurity and Infrastructure Security Agency unveiled&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/china-brickstorm-grimbolt-dell-zero-day\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google: Chinese state attackers going after Dell zero-day since mid-2024 https:\/\/cyberscoop.com\/china-brickstorm-grimbolt-dell-zero-day\/ Publish Date: 2026-02-17 19:35:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":214696,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/02\/GettyImages-508484785-1.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,27],"class_list":["post-214695","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214695"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=214695"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214695\/revisions"}],"predecessor-version":[{"
id":214697,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214695\/revisions\/214697"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/214696"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=214695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=214695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=214695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}