
"China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Dell and Google's Mandiant incident response team. The US government and Google first warned about this campaign last year after detecting Brickstorm backdoors in dozens of critical US networks."
"According to Mandiant and the Google Threat Intelligence Group, which also published a security alert on Tuesday about the Dell zero-day, the suspected PRC-linked intruders exploited CVE-2026-22769 to deploy malware including Brickstorm and a separate backdoor tracked as Grimbolt, and in some cases replaced older Brickstorm binaries with Grimbolt, while also creating "Ghost NICs" on virtual machines to enable stealthy network pivoting."
Summary: China-linked intruders exploited a maximum-severity hardcoded-credential bug (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. They used the flaw to move laterally, maintain persistent access, and deploy malware families including Slaystyle, Brickstorm, and a novel backdoor tracked as Grimbolt; in some cases older Brickstorm binaries were replaced with Grimbolt. The attackers also created "Ghost NICs" on virtual machines to pivot through networks without drawing attention. Dell has disclosed and patched the vulnerability but confirmed it was exploited before the fix was available and urged immediate remediation. Because exploitation predates the patch, updating alone does not evict an intruder who has already planted a backdoor: affected organisations should treat patched appliances as potentially compromised and hunt for the implants. The US government, Google, and Mandiant have identified multiple affected networks and recommend monitoring for Grimbolt.
Read at The Register