{"id":188344,"date":"2026-02-17T18:26:00","date_gmt":"2026-02-17T23:26:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/hsckers-exploit-zero-day-flaw-in-dell-recoverpoint-for-virtual-machines\/"},"modified":"2026-02-17T18:35:07","modified_gmt":"2026-02-17T23:35:07","slug":"hsckers-exploit-zero-day-flaw-in-dell-recoverpoint-for-virtual-machines","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/hsckers-exploit-zero-day-flaw-in-dell-recoverpoint-for-virtual-machines\/","title":{"rendered":"Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/zero-day-dell-recoverpoint-virtual-machines-exploited\/812392\/\">Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/zero-day-dell-recoverpoint-virtual-machines-exploited\/812392\/\">https:\/\/www.cybersecuritydive.com\/news\/zero-day-dell-recoverpoint-virtual-machines-exploited\/812392\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-17 18:26:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>Threat actors are weaponizing a zero-day vulnerability in Dell RecoverPoint for Virtual Machines in a cyberattack campaign that drops a novel backdoor, according to new findings from Mandiant and Google Threat Intelligence Group.\u00a0<br \/>\nThe product allows users to manage backup and disaster recovery for VMware virtual machines.\u00a0<br \/>\nThe vulnerability, listed as CVE-2026-22769, is a hardcoded credential vulnerability that can allow an unauthenticated attacker to gain access to an underlying system and maintain root-level persistence. 
The vulnerability has a severity score of 10.\u00a0<\/p>\n<p>A threat actor Google tracks as UNC6201 has been using the flaw in attacks since at least 2024, with the ability to maintain persistent access, move laterally and deploy Brickstorm, Slaystyle and a novel backdoor called Grimbolt.\u00a0<br \/>\nBrickstorm is a backdoor written in Go that is used to target VMware vCenter servers, according to researchers.\u00a0<br \/>\nIn these newly disclosed attacks, UNC6201 has replaced the Brickstorm malware with Grimbolt, a backdoor that is more difficult to detect.\u00a0<br \/>\n\u201cThis is a C# backdoor compiled using native ahead-of-time compilation, making it harder to reverse engineer,\u201d Charles Carmakal, CTO and board advisor, Mandiant Consulting, said in a LinkedIn post.\u00a0<br \/>\nMandiant discovered the vulnerability while investigating multiple instances of Dell RecoverPoint for Virtual Machines within a victim\u2019s environment, according to Austin Larsen, principal threat analyst at GTIG.\u00a0<br \/>\nLarsen said they are aware of fewer than a dozen impacted organizations, but warned that organizations previously targeted by Brickstorm should check for Grimbolt in their environments.\u00a0<br \/>\nDell, meanwhile, is urging customers to upgrade and apply mitigations it has provided in a new advisory.\u00a0<br \/>\n\u201cWe have received a report of limited active exploitation of this vulnerability,\u201d a spokesperson for Dell told Cybersecurity Dive.<br \/>\nThe company urged customers to immediately implement one of the remediations detailed in the security advisory.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines https:\/\/www.cybersecuritydive.com\/news\/zero-day-dell-recoverpoint-virtual-machines-exploited\/812392\/ Publish Date: 2026-02-17 
18:26:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":188345,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/Z1ehhTDwxapYbqO5DQqCaMey0Q2oBbdNtlqPyeZtQo4\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xNDIwMDM5OTAwLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,32,34,27],"class_list":["post-188344","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-malware","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188344"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=188344"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188344\/revisions"}],"predecessor-version":[{"id":188346,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188344\/revisions\/188346"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/188345"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=188344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=188344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-j
son\/wp\/v2\/tags?post=188344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}