Data center showing zero-day vulnerability for VMs exploited by Chinese hackers

Dell Zero-Day Vulnerability Found in RecoverPoint for VMs Has Been Present (And Exploited by Chinese Hackers) Since 2024

A new report from Google Threat Intelligence Group (GTIG) and Mandiant warns of a zero-day vulnerability present in Dell RecoverPoint for Virtual Machines since 2024, and that has been actively exploited by Chinese hackers for at least that long.

The activity has been linked to state-backed threat actor UNC6201, a suspected “cluster” of Chinese hackers that overlaps in activity with the Silk Typhoon and Warp Panda groups among others. These threat actors are thought to be the first to exploit the zero-day vulnerability, with their activity traced back to mid-2024. Dell has released a patch for the vulnerability ahead of the public announcement.

Dell VMWare zero-day vulnerability exploited for espionage against US organizations

CVE-2026-22769 has been given the highest CVE score of 10.0. The zero-day vulnerability was uncovered as part of research into the ongoing “Brickstorm” campaign linked to Chinese hackers, which Mandiant and Google have been issuing warnings and reporting on for roughly a year now.

The targets of this campaign are primarily US-based organizations, both private and public sector, with espionage information of interest to Chinese hackers. The new research indicates that the attackers have swapped out the Brickstorm malware for something new called “Grimbolt,” however, linked to its previous iteration by using shared command-and-control servers and remote shell capability.

The zero-day vulnerability was first discovered by Mandiant while the security firm was investigating multiple compromised Dell RecoverPoint for Virtual Machines instances within a victim environment. The exploited flaw is present in software versions prior to 6.0.3.1 HF1. As the long breach window indicates, the Chinese hackers were able to exploit the vulnerability for long-term root-level persistence and deployed “Ghost NIC” hidden network interfaces on VMware ESXi servers to range across target infrastructure.

Malware campaign indicates Chinese hackers are escalating activity

The Brickstorm campaign was already very significant, beginning in 2022 and not really uncovered until 2025 after compromising what Google threat researchers say were dozens of US-based organizations. Grimbolt is an even more sophisticated backdoor, however, and indicates that this particular threat cluster of Chinese hackers is becoming more skilled and more aggressive. And though they share some commonalities, detection of Brickstorm does not at all mean that organizations will also be able to detect ongoing Grimbolt intrusions.

Some organizations compromised by the Chinese hackers have experienced breach windows of over three consecutive years. And the attackers have been spotted replacing some former Brickstorm installations with Grimbolt before being detected. At present Mandiant says that it only knows of “fewer than a dozen” organizations that fell victim to this particular zero-day vulnerability, but more could very well be out there as of yet undetected.

Chinese hackers have remained highly active in spite of the uncovering of major campaigns such as the breaches of major players in the global telecoms sector, and they are showing a variety of approaches ranging from simple scanning for known vulnerabilities to creative deployment of new AI tools. Another state-backed group from China operated a successful phishing campaign in December targeting US diplomats with fake policy briefings, and Anthropic has warned that it has caught Chinese hackers making use of Claude successfully to manage and automate hacking campaigns that successfully breached at least four organizations.

This is also not the only zero-day vulnerability in the news at the moment, with Apple confirming that a dangerous exploit that has been present in iOS since 2007 has only recently been patched out. That vulnerability is thought to have been used as part of commercial spyware, though it remains unclear who took advantage of it or how often it was used to breach targets. Google and Microsoft have also each reported at least one severe zero-day vulnerability. Google’s CVE-2026-2441 is a Chrome vulnerability that allows the browser to be hijacked by loading a malicious HTML page, and Microsoft has issued patches for issues in several products including Office and Windows Search. These vulnerabilities have been exploited in the wild prior to patching, setting 2026 off to a fast start in terms of necessary updates.

For their part Dell has released an official security advisory addressing their zero-day vulnerability, providing detection and hardening guidance as well as a deeper technical analysis of the approaches the Chinese hackers use. Updating to version 6.0.3.1 HF1 removes the vulnerability, but for some older versions the update and remediation process is not as straightforward as others. Those running any version of 6.0 should be looking at a relatively simple update, but the security advisory provides more detailed instructions for older versions that may need to first migrate to another specific older version and run a remediation script.

Piyush Sharma, CEO and co-founder of Tuskira, makes the case for adopting agentic AI given the state of the current threat landscape: “What makes this Dell zero-day different from a typical vulnerability disclosure is the blend of stealth and leverage. The campaign pivots deeper into infrastructure by creating temporary hidden network ports to move laterally, targeting systems that lack proper endpoint protection, often the least visible areas of SOCs. This is the kind of exposure that moves from annoying to operationally dangerous quickly, since it’s not just a crash bug or a narrow privilege escalation. Long-term unauthenticated access to internal systems is a straight path to long lived backdoors and quiet staging for bigger outcomes like data theft, credential harvesting, and high impact disruption. Integration of AI into security defenses is the best defensive measures that organizations can take to protect against dangerous, persistent zero-day vulnerabilities. Agentic AI defenses don’t wait for a perfect signature or a finished patch but rather continuously connect weak signals across tools and layers, then flag behavior that looks like exploitation, persistence, or lateral movement even when the exact bug is new. They also take fast, policy driven action, like isolating the backup plane, tightening management access, and forcing credential rotation, while verifying the change actually reduced exposure.”