Dell Vulnerability Exploited by Chinese Hackers Since 2024
Posted on February 18, 2026 By CWS

A serious zero-day vulnerability in Dell’s RecoverPoint for Virtual Machines has been actively exploited since mid-2024 by suspected Chinese hackers. The vulnerability, tracked as CVE-2026-22769, carries the maximum CVSS v3.1 score of 10.0, placing it at the highest level of criticality.

Exploitation by UNC6201 Threat Group

Cybersecurity experts from Mandiant and Google’s Threat Intelligence Group attribute these attacks to the UNC6201 threat cluster, which is believed to have ties to China. This group is known for its overlap with Silk Typhoon, another notorious hacking group. The attackers have used this Dell vulnerability to infiltrate networks, maintain access, and deploy various malware types, including SLAYSTYLE, BRICKSTORM, and a new backdoor named GRIMBOLT.

Although the initial method of access remains unknown, UNC6201 has a history of targeting network edge devices like VPN concentrators to gain entry. This tactic allows them to establish a foothold in targeted environments.

Technical Details of the Vulnerability

The root cause is a configuration defect in Dell RecoverPoint: the bundled Apache Tomcat Manager ships with hardcoded admin credentials. These credentials, found in the /home/kos/tomcat9/tomcat-users.xml file, permit remote attackers to access the system without having to authenticate as a legitimate user. Once inside, attackers can exploit the Tomcat Manager’s /manager/text/deploy endpoint to upload malicious files, including the SLAYSTYLE web shell, which provides root-level command execution.
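Two checks follow from this description: a defender wants to know which accounts in a Tomcat tomcat-users.xml hold manager-capable roles, and wants to spot deployments through the Manager’s text or HTML interface in the Tomcat access log. The script below, an added example that is not Dell’s or the researchers’ code, does both. The XML document and the log lines are constructed samples (the password strings are placeholders, not the hardcoded credentials from the advisory); the role names are Tomcat’s standard manager/admin roles, and the log format assumed is Tomcat’s default AccessLogValve pattern.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml; passwords are placeholders, not real secrets.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="appadmin" password="PLACEHOLDER" roles="manager-gui,manager-script"/>
  <user username="reader" password="PLACEHOLDER" roles="viewer"/>
</tomcat-users>
"""

# Standard Tomcat roles that grant access to the Manager or Host Manager apps.
MANAGER_ROLES = {
    "manager-gui", "manager-script", "manager-jmx", "manager-status",
    "admin-gui", "admin-script",
}


def manager_accounts(xml_text):
    """Return [(username, [manager roles])] for every user with a manager-capable role.

    Any account listed here is a credential that, if hardcoded or leaked, lets a
    remote party deploy arbitrary WARs through the Manager application.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Strip the namespace: tags arrive as "{http://tomcat.apache.org/xml}user".
        if elem.tag.split("}")[-1] != "user":
            continue
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        hit = roles & MANAGER_ROLES
        if hit:
            findings.append((elem.get("username"), sorted(hit)))
    return findings


# Default Tomcat AccessLogValve pattern: %h %l %u %t "%r" %s %b
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample access log lines (IPs are documentation ranges).
SAMPLE_ACCESS_LOG = [
    '203.0.113.10 - - [18/Feb/2026:10:01:02 +0000] "PUT /manager/text/deploy?path=/x&update=true HTTP/1.1" 200 41',
    '10.0.0.5 - - [18/Feb/2026:10:01:05 +0000] "GET /RecoverPoint/index.html HTTP/1.1" 200 1523',
    '203.0.113.10 - - [18/Feb/2026:10:01:09 +0000] "GET /manager/text/list HTTP/1.1" 200 210',
    '198.51.100.7 - - [18/Feb/2026:10:02:00 +0000] "POST /manager/html/upload HTTP/1.1" 403 1120',
    'garbage line that does not parse',
]

# Paths that change what is deployed (high) versus merely enumerate (medium).
DEPLOY_PATHS = ("/manager/text/deploy", "/manager/html/upload", "/manager/html/deploy")
MANAGER_PREFIX = "/manager/"


def flag_manager_requests(lines):
    """Return a list of alerts for requests that touch the Tomcat Manager app.

    A 2xx response to a deploy/upload path is 'high' (a WAR was likely written);
    any other Manager request, or a rejected deploy, is 'medium'.
    """
    alerts = []
    for line in lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as clean
        path = m.group("path").split("?", 1)[0]
        if not path.startswith(MANAGER_PREFIX):
            continue
        status = int(m.group("status"))
        is_deploy = path.startswith(DEPLOY_PATHS)
        severity = "high" if is_deploy and 200 <= status < 300 else "medium"
        alerts.append({
            "ip": m.group("ip"), "time": m.group("ts"), "method": m.group("method"),
            "path": path, "status": status, "severity": severity,
        })
    return alerts


if __name__ == "__main__":
    for user, roles in manager_accounts(SAMPLE_TOMCAT_USERS):
        print(f"manager-capable account: {user} roles={roles}")
    for a in flag_manager_requests(SAMPLE_ACCESS_LOG):
        print(f"[{a['severity']}] {a['ip']} {a['method']} {a['path']} -> {a['status']}")
```

On a real host, point `manager_accounts` at the live tomcat-users.xml and `flag_manager_requests` at the access log under Tomcat’s logs directory; any manager-capable account that the vendor shipped rather than the operator created, and any successful deploy from an address that is not a known administrator, warrants the remediation steps in the advisory.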

Over the course of the campaign the attackers transitioned from BRICKSTORM to GRIMBOLT, a more advanced backdoor. GRIMBOLT is written in C#, but unlike typical .NET malware it is compiled with Native Ahead-of-Time (AOT) compilation, which improves its stealth and lets it run efficiently in constrained environments.

Mitigation and Future Implications

Dell has issued urgent guidance for customers using affected versions of RecoverPoint. Users are advised to upgrade to secure versions or apply the provided remediation scripts to mitigate the risk. The affected versions include RecoverPoint for Virtual Machines 5.3 SP4 P1 and 6.0 through 6.0 SP3 P1.

Beyond immediate mitigation, this incident underscores the need for robust security practices to defend against sophisticated adversaries. As attackers continually evolve their techniques, organizations must remain vigilant and proactive in their cybersecurity efforts.
