State-sponsored actors have been living in your backups for months. 🛡️
CVE-2026-22769 · Severity 10.0 · Hardcoded credentials in Dell RecoverPoint for Virtual Machines.
We are seeing reports that China-linked espionage groups have exploited this flaw since mid-2024. CISA has given federal agencies only three days to patch this due to the extreme risk.
Attackers are using “Ghost NICs” on virtual machines to quietly pivot through compromised environments without alerting security teams. This allows for long-term persistence within your disaster recovery site.
The uncomfortable truth: Your disaster recovery plan is a weapon in the hands of an attacker if your backup infrastructure is unpatched.
→ Update Dell Technologies RecoverPoint for VMs to the patched version by tomorrow morning.
→ Rotate all administrative credentials associated with your virtualization and backup stack.
→ Hunt for unauthorized lateral movement originating from your disaster recovery nodes.
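One way to start the hunt in the last step, as an added example that is not part of the original post or any vendor tooling: it scans flow records for traffic leaving the DR segment toward destinations outside an allowlist, and also flags source addresses in that segment that no inventoried interface owns. The subnet, inventory, allowlist and flow records are constructed sample data, and treating an uninventoried source address as a possible unregistered NIC is an assumption about how such an interface would show up in flow logs.

```python
import ipaddress

# Constructed sample data: subnet, inventory, allowlist and flows are hypothetical.
DR_SUBNET = ipaddress.ip_network("10.50.0.0/24")
NIC_INVENTORY = {"10.50.0.10", "10.50.0.11"}  # approved DR-node interface addresses
# (destination network, port) pairs DR nodes are expected to reach; None = any port
ALLOWED = [
    (ipaddress.ip_network("10.50.0.0/24"), None),  # traffic inside the DR segment
    (ipaddress.ip_network("10.10.5.20/32"), 443),  # management API endpoint
]

FLOWS = [  # (timestamp, src, dst, dst_port)
    ("2026-01-10T02:14:07Z", "10.50.0.10", "10.50.0.11", 5040),
    ("2026-01-10T02:14:09Z", "10.50.0.10", "10.10.5.20", 443),
    ("2026-01-10T02:31:44Z", "10.50.0.11", "10.20.8.15", 22),
    ("2026-01-10T02:33:02Z", "10.50.0.77", "10.20.8.15", 445),
    ("2026-01-10T02:40:00Z", "10.20.8.15", "10.50.0.10", 443),
]


def is_allowed(dst, port):
    """True if the destination/port pair matches an allowlist entry."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and (p is None or p == port) for net, p in ALLOWED)


def hunt(flows):
    """Return flows that originate in the DR segment and look out of policy."""
    findings = []
    for ts, src, dst, port in flows:
        if ipaddress.ip_address(src) not in DR_SUBNET:
            continue  # only traffic originating from the DR segment is in scope
        reasons = []
        if src not in NIC_INVENTORY:
            reasons.append("source not in NIC inventory")
        if not is_allowed(dst, port):
            reasons.append("destination not allowlisted")
        if reasons:
            findings.append((ts, src, dst, port, reasons))
    return findings


if __name__ == "__main__":
    for finding in hunt(FLOWS):
        print(finding)
```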
Is your SOC currently monitoring your backup infrastructure for unauthorized network pivots? 👇
#Cybersecurity #DataProtection #Espionage #InfrastructureSecurity #CISO #CodeDefence
