China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769) - Help Net Security

A suspected China-linked cyberespionage group, UNC6201, has been exploiting a Dell zero-day vulnerability (CVE-2026-22769) in RecoverPoint for Virtual Machines since mid-2024, deploying backdoors such as BRICKSTORM and GRIMBOLT and a webshell called SLAYSTYLE. The attackers leveraged default credentials to gain access and used stealthy tactics, including novel methods to pivot into VMware virtual infrastructure.

Edward Kiledjian @ekiledjian