Dell RecoverPoint for Virtual Machines is a data replication and protection tool for VMware environments, which makes it an attractive target for this group. The new vulnerability affects versions 5.3 SP4 P1, 6.0, 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2, 6.0 SP2, 6.0 SP2 P1, 6.0 SP3, and 6.0 SP3 P1. Customers are strongly encouraged to upgrade to the patched 6.0.3.1 HF1 version, but if that's not immediately possible, Dell has also released a remediation script.
Attackers upgrade from BRICKSTORM to GRIMBOLT
UNC6201's activities overlap considerably with another group that Mandiant and Google's Threat Intelligence Group (GTIG) track as UNC5221, which is known for targeting network-edge appliances using zero-day exploits. Other security firms attribute this activity to the Chinese state-sponsored hacker group Silk Typhoon or APT27, but Google believes this to be a different threat actor.
UNC5221 has compromised the networks of US legal services firms, SaaS providers, business process outsourcers, and technology companies over the past few years and deployed the Linux backdoor BRICKSTORM and a web shell called SLAYSTYLE that has been installed on compromised vCenter deployments.



