Fed agencies ordered to patch Dell bug by Saturday after exploitation warning

Summary

A Chinese state-backed group has been exploiting a zero-day, CVE-2026-22769, in Dell RecoverPoint for Virtual Machines. Dell and Google (Mandiant) say exploitation dates back to mid‑2024; Dell rates the flaw a 10/10. CISA confirmed active exploitation and ordered all federal agencies to apply patches by Saturday.

The flaw affects disaster‑recovery appliances that run with elevated privileges and integrate with hypervisors, storage and backup systems, which makes them high‑value targets for espionage and disruption. Mandiant reports the intrusions used the BRICKSTORM backdoor and a newer replacement called GRIMBOLT, which the attackers appear to use to reduce forensic fingerprints and prolong access.

Key Points

  • CVE-2026-22769 affects Dell RecoverPoint for Virtual Machines and carries a severity score of 10/10.
  • Mandiant and Google attribute the attacks to UNC6201 with links to Silk Typhoon; activity has targeted organisations across North America.
  • CISA has confirmed active exploitation and ordered all federal agencies to patch by Saturday.
  • Attackers deployed BRICKSTORM and an evolved backdoor called GRIMBOLT to maintain stealthy, long‑term access and remove attack fingerprints.
  • Backup and disaster‑recovery platforms operate with elevated privileges, so compromising them can undermine recovery and expose replicated data.
  • Industry telemetry (Mandiant, CrowdStrike, Qualys) shows long‑running intrusions and malware evolution from 2023–2025 targeting DR/VM infrastructure.

Why should I read this?

This is short and blunt: if you run Dell RecoverPoint, or you’re responsible for backup, DR or VMware environments, stop faffing about and check the patch right now — it’s a 10/10 bug actively exploited by a state‑linked actor. If you’re not directly responsible, it’s still useful to know attackers are focusing on recovery systems because that’s where they can do the most damage or steal the juiciest data. We’ve sifted through the alerts and advisories so you don’t have to — patch or validate your defences.

Source

Source: https://therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning