CISA Mandates Urgent Patching of Exploited Dell Vulnerability Within 72 Hours
US Government Agencies Ordered to Patch Critical Dell Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to patch a severe vulnerability in Dell’s RecoverPoint solution that a suspected Chinese hacking group has been actively exploiting since mid-2024. The vulnerability, tracked as CVE-2026-22769, allows attackers to gain access to a victim’s network using hardcoded credentials.
Vulnerability Details
According to security researchers from Mandiant and the Google Threat Intelligence Group (GTIG), the hacking group, known as UNC6201, has been exploiting the flaw to move laterally, maintain persistent access, and deploy malware, including a newly identified backdoor called Grimbolt.
This malware is built using a relatively new compilation technique, making it more challenging to analyze than its predecessor, the Brickstorm backdoor.
Threat Actor and Previous Breaches
UNC6201 has been linked to the Silk Typhoon Chinese state-backed cyberespionage group, which has previously breached the systems of several US government agencies, including the US Treasury Department, the Office of Foreign Assets Control (OFAC), and the Committee on Foreign Investment in the United States (CFIUS).
CISA Directive and Mitigations
CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their networks by the end of Saturday, February 21.
The agency warned that vulnerabilities like CVE-2026-22769 pose significant risks to the federal enterprise and urged agencies to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
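The KEV process described above (an entry is added to the catalog with a required action and a due date, and agencies must act by that date) is something a vulnerability-management team can automate. The following is an added example, not code from the article or from CISA: it assumes the public KEV catalog's JSON layout (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dueDate and requiredAction), matches those entries against a constructed asset inventory, and flags anything due or overdue. The feed below is constructed sample data; the CVE ids and product names come from the article, while the dates and the third entry are placeholders.

```python
"""Triage a CISA KEV-style feed against a local product inventory.

Added example, not from the article or from CISA. Assumes the KEV
catalog's JSON layout; the feed embedded here is constructed sample data.
"""
import json
from datetime import date

# Constructed sample feed in the KEV catalog's layout. CVE ids and
# vendor/product names are taken from the article; dueDate values and the
# third (ExampleVendor) entry are placeholders, not real catalog data.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2026-22769", "vendorProject": "Dell",
         "product": "RecoverPoint", "dueDate": "2026-02-21",
         "requiredAction": "Apply mitigations per vendor instructions or "
                           "discontinue use of the product if mitigations are unavailable."},
        {"cveID": "CVE-2026-1731", "vendorProject": "BeyondTrust",
         "product": "Remote Support", "dueDate": "2026-02-12",  # placeholder date
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dueDate": "2026-03-01",  # placeholder entry
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: (vendor, product) in lower case -> hosts running it.
# A real deployment would build this from a CMDB or asset scanner export.
INVENTORY = {
    ("dell", "recoverpoint"): ["rp-appliance-01.example.internal"],
    ("beyondtrust", "remote support"): ["brs-01.example.internal",
                                        "brs-02.example.internal"],
}


def load_feed(raw_json: str) -> list[dict]:
    """Return the catalog's vulnerability entries from a KEV-layout JSON string."""
    return json.loads(raw_json)["vulnerabilities"]


def triage(feed: list[dict], inventory: dict, today: date) -> list[dict]:
    """Match KEV entries to inventoried products and compute time to deadline.

    Returns one finding per matched entry, sorted so the most overdue item
    comes first. days_left < 0 means the CISA due date has already passed.
    """
    findings = []
    for entry in feed:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        hosts = inventory.get(key)
        if not hosts:
            continue  # product not deployed here; nothing to action
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        findings.append({
            "cve": entry["cveID"],
            "hosts": hosts,
            "due": entry["dueDate"],
            "days_left": days_left,
            "status": "OVERDUE" if days_left < 0 else "DUE",
            "action": entry["requiredAction"],
        })
    findings.sort(key=lambda f: f["days_left"])
    return findings


def report(findings: list[dict]) -> str:
    """Render findings as one line each for a ticket or chat notification."""
    lines = []
    for f in findings:
        lines.append(f"[{f['status']}] {f['cve']} due {f['due']} "
                     f"({f['days_left']:+d} days) on {', '.join(f['hosts'])}: "
                     f"{f['action']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Fixed "today" so the run is reproducible; use date.today() in practice.
    print(report(triage(load_feed(SAMPLE_KEV_FEED), INVENTORY, date(2026, 2, 19))))
```

In production the feed string would be fetched from the KEV catalog's published JSON on cisa.gov rather than embedded, and the inventory keyed by the same vendor and product spellings the catalog uses; exact lower-case matching is deliberate so that a typo in the inventory surfaces as "no findings" rather than silently matching the wrong product. The sort order puts already-overdue items first, which is the order a remediation queue should be worked in.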
Recent Similar Directives
This is not the first time CISA has issued a directive to patch a critical vulnerability in recent weeks. Last week, the agency gave US federal agencies three days to secure their BeyondTrust Remote Support instances against an actively exploited remote code execution vulnerability (CVE-2026-1731).
Importance of Patching and Vulnerability Management
The exploitation of CVE-2026-22769 by UNC6201 highlights the need for organizations to prioritize patching and vulnerability management. As CISA noted, these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
