{"id":215001,"date":"2026-02-17T19:05:00","date_gmt":"2026-02-18T00:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/dell-0-day-exploited-by-suspected-chinese-snoops-since-2024-the-register\/"},"modified":"2026-02-18T15:30:13","modified_gmt":"2026-02-18T20:30:13","slug":"dell-0-day-exploited-by-suspected-chinese-snoops-since-2024-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/dell-0-day-exploited-by-suspected-chinese-snoops-since-2024-the-register\/","title":{"rendered":"Dell 0-day exploited by suspected Chinese snoops since 2024 \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/18\/dell_0day_brickstorm_campaign\/\">Dell 0-day exploited by suspected Chinese snoops since 2024 \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/18\/dell_0day_brickstorm_campaign\/\">https:\/\/www.theregister.com\/2026\/02\/18\/dell_0day_brickstorm_campaign\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-17 19:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It&#8217;s all part of a long-running effort to backdoor infected machines for long-term access, according to Google&#8217;s Mandiant incident response team.<\/p>\n<p>The US government and Google first warned about this campaign last year after detecting Brickstorm backdoors in dozens of critical US networks.<\/p>\n<p>Dell disclosed and patched the critical flaw (CVE-2026-22769) on Tuesday \u2013 but noted that miscreants had found and exploited the bug before it issued a fix.<\/p>\n<p>&#8220;We have received a report of limited active exploitation of this vulnerability,&#8221; a Dell spokesperson told The Register. 
&#8220;Customers are urged to immediately implement one of the remediations detailed&#8221; in the advisory.<\/p>\n<p>According to Mandiant and the Google Threat Intelligence Group, which also published a security alert on Tuesday about the Dell zero-day, the suspected PRC-linked intruders exploited CVE-2026-22769 to deploy malware including Brickstorm and a separate backdoor tracked as Grimbolt, and in some cases replaced older Brickstorm binaries with Grimbolt, while also creating \u201cGhost NICs\u201d on virtual machines to enable stealthy network pivoting.<\/p>\n<p>&#8220;Analysis of incident response engagements revealed that UNC6201, a suspected PRC-nexus threat cluster, has exploited this flaw since at least mid-2024 to move laterally, maintain persistent access, and deploy malware including Slaystyle, Brickstorm, and a novel backdoor tracked as Grimbolt,&#8221; said Google threat hunters Peter Ukhanov, Daniel Sislo, Nick Harbour, John Scarbrough, Fernando Tomlinson, Jr, and Rich Reece.<\/p>\n<p>Because the full scale of this campaign is unknown, we recommend that organizations previously targeted by Brickstorm look out for Grimbolt in their environments.<\/p>\n<p>When asked about the&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/18\/dell_0day_brickstorm_campaign\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dell 0-day exploited by suspected Chinese snoops since 2024 \u2022 The Register https:\/\/www.theregister.com\/2026\/02\/18\/dell_0day_brickstorm_campaign\/ Publish 
Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215002,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2025\/05\/13\/shutterstock_ghost.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32,27],"class_list":["post-215001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215001"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215001"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215001\/revisions"}],"predecessor-version":[{"id":215003,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215001\/revisions\/215003"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215002"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}