Silver Bullet Security
21/02/2026
🔐 Recently, a concerning report was released regarding a group of hackers linked to the Chinese government. The group has been exploiting a critical zero-day vulnerability in Dell software to conduct espionage and maintain a presence within the networks of organizations worldwide since mid-2024.
🔐 The vulnerability is identified as CVE-2026-22769, with a maximum severity rating of 10/10 (CVSS), and it affects Dell RecoverPoint for Virtual Machines, a tool used for backup and disaster recovery in VMware environments. The primary cause of this flaw is the presence of 'hardcoded credentials' within the software's Apache Tomcat Manager, which allows hackers—tracked as group UNC6201 (a PRC-nexus group)—to gain root-level control over the system without any authentication.
Investigations by researchers at Mandiant revealed that this group is highly sophisticated. They specifically target 'edge devices'—network endpoints that are often blind spots for Endpoint Detection and Response (EDR) software. Furthermore, they utilized malware families known as BRICKSTORM and GRIMBOLT, along with complex techniques such as 'Ghost NICs' (creating temporary virtual network interface cards) to mask their activity while moving data within the victims' networks. These tactics allowed them to remain undetected for 18 months before they were finally discovered.
Read more: https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/