China-linked snoops have been exploiting Dell 0-day since mid-2024, using ‘ghost NICs’ to avoid detection


China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It’s all part of a long-running effort to backdoor infected machines for long-term access, according to Google’s Mandiant incident response team.

The US government and Google first warned about this campaign last year after detecting Brickstorm backdoors in dozens of critical US networks. Dell disclosed and patched the critical flaw (CVE-2026-22769) on Tuesday – but noted that miscreants had found and exploited the bug before it issued a fix.

Read more…
Source: The Register News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...