Chinese Hackers Exploit Dell Zero-Day Flaw CVE-2026-22769 Since Mid-2024

Chinese Hackers Exploit Dell Zero-Day Flaw CVE-2026-22769 Since Mid-2024

First seen 17 Feb 2026, 21:10 UTC MandiantBleepingcomputerCybersecuritydiveTheregisterCyberscoop+30 83% similarity 70.4

Article Content

Browse articles
ThreatCluster

A Chinese state-backed hacking group, UNC6201, has been exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines since at least mid-2024. The flaw, tracked as CVE-2026-22769, features a maximum severity rating due to hardcoded credentials, allowing unauthorized access to VMware virtual machine backups. This exploitation was revealed by Mandiant and the Google Threat Intelligence Group on February 17, 2026.

ThreatCluster AI

Timeline

2024-06-01
UNC6201 begins exploiting Dell RecoverPoint vulnerability
2026-02-17
CVE-2026-22769 published
2026-02-17
Mandiant and GTIG report on UNC6201's activities

Community

Browse all →