
Chinese hackers exploit critical flaw in Dell software
TL;DR
Chinese hackers have been exploiting a critical flaw in Dell's software since mid-2024. This vulnerability poses significant risks for affected organizations.
Hackers associated with China have been exploiting a critical hardcoded credential flaw in Dell RecoverPoint for Virtual Machines since mid-2024. The exploitation of this vulnerability, classified as a zero-day (unknown until exploited), is part of an ongoing effort to install backdoors on compromised machines, according to the incident response team at Google Mandiant.
The attackers use a technique known as 'ghost NICs' to evade detection. This approach allows them to maintain prolonged access to compromised systems without being identified. The full extent of the infections remains unknown, but the impact could be significant for organizations using this software.
Dell RecoverPoint for Virtual Machines is widely used for data recovery in virtual machine environments, making it a valuable target for attacks. The use of hardcoded credentials poses a serious risk, as it allows attackers to access systems without needing to crack passwords or defeat other security measures.
Organizations using Dell RecoverPoint are advised to review their infrastructure and apply security patches as soon as they become available. This vulnerability highlights the importance of regularly monitoring and updating critical software to mitigate cybersecurity risks.


