This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, Ting here with your Friday night China cyber briefing, and trust me, the last 24 hours have been absolutely wild.
Let's jump right in. Dell RecoverPoint just got caught in the crosshairs of a suspected Chinese state-linked APT group that's been quietly exploiting a critical zero-day vulnerability called CVE-2026-22769 since mid-2024. This isn't some run-of-the-mill bug. Mandiant and Google's Threat Intelligence Group detected this crew deploying nasty malware called BRICKSTORM and GRIMBOLT directly into VMware environments. For two years. Two years these attackers had persistent access, and most organizations had no idea. If you're running Dell RecoverPoint for virtual machines, this is a five-alarm fire.
But wait, it gets worse. BeyondTrust Remote Support and Privileged Remote Access products are getting absolutely hammered right now. We're talking CVE-2026-1731, a critical flaw with a CVSS score of 9.9 that basically gives attackers free rein to execute arbitrary commands. Palo Alto Networks Unit 42 caught this vulnerability being actively exploited across financial services, legal firms, tech companies, hospitals, and retail operations spanning the US, France, Germany, Australia, and Canada. Attackers are deploying web shells, setting up command-and-control infrastructure, installing backdoors, and exfiltrating everything from configuration files to entire PostgreSQL databases.
CISA wasted no time. Both vulnerabilities got added to their Known Exploited Vulnerabilities catalog this week. That's your official warning that sophisticated threat actors, potentially including China-nexus groups like Silk Typhoon, are actively weaponizing these flaws.
Here's what you need to do immediately. First, patch everything. Dell RecoverPoint, BeyondTrust, all of it. Don't wait for the perfect maintenance window. Second, hunt for indicators of compromise on your network. Check for unusual outbound connections, command-and-control traffic masquerading as legitimate activity, and any evidence of credential theft or lateral movement. Third, if you're running these products in critical infrastructure or financial systems, assume you've been targeted and conduct forensic analysis now.
The broader picture here is that China-linked actors continue proving they're playing the long game. They're not smashing and grabbing. They're patient, methodical, and willing to sit inside your network for years collecting intelligence. That's the operational sophistication that keeps CISA up at night.
Thanks for tuning in, listeners. Make sure you subscribe so you don't miss the next critical update. This has been a Quiet Please production. For more, check out quietplease dot ai.
This content was created in partnership with, and with the help of, artificial intelligence (AI).