"According to security researchers from Mandiant and the Google Threat Intelligence Group (GTIG), this hardcoded-credential vulnerability (CVE-2026-22769) in Dell's RecoverPoint (a solution used for VMware virtual machine backup and recovery) is being exploited by a suspected Chinese hacking group tracked as UNC6201.

After gaining access to a victim's network in CVE-2026-22769 attacks, UNC6201 deploys several malware payloads, including a newly identified backdoor called Grimbolt. This malware is built using a relatively new compilation technique that makes it harder to analyze than its predecessor, the Brickstorm backdoor."

tech

"According to security researchers from Mandiant and the Google Threat Intelligence Group (GTIG), this hardcoded-credential vulnerability (CVE-2026-22769) in Dell's RecoverPoint (a solution used for VMware virtual machine backup and recovery) is being exploited by a suspected Chinese hacking group tracked as UNC6201.

After gaining access to a victim's network in CVE-2026-22769 attacks, UNC6201 deploys several malware payloads, including a newly identified backdoor called Grimbolt. This malware is built using a relatively new compilation technique that makes it harder to analyze than its predecessor, the Brickstorm backdoor."