Dell RecoverPoint 10.0 CVE Exploited by UNC6201 GRIMBOLT

◆ DEEP DIVES

1. 01

   Dell RecoverPoint CVSS 10.0 Under Active Exploitation — Your DR Infrastructure Is the Target

   <h3>The Threat</h3><p><strong>CVE-2026-22769</strong> is a hardcoded admin credential in Dell RecoverPoint's Apache Tomcat configuration, located at <code>/home/kos/tomcat9/tomcat-users.xml</code>. It enables <strong>unauthenticated WAR file deployment</strong> via <code>/manager/text/deploy</code>, yielding root-level code execution. The CVSS 10.0 score is earned: no authentication required, no user interaction, complete system compromise.</p><p>Mandiant and Google's GTIG documented active exploitation by <strong>UNC6201</strong>, who deploy the <strong>GRIMBOLT backdoor</strong> — a successor to BRICKSTORM compiled with native AOT to strip CIL metadata, making reverse engineering significantly harder. Post-exploitation is sophisticated: persistence via hijacking <code>convert_hosts.sh</code> (executed at boot via <code>rc.local</code>), lateral movement through <strong>Ghost NICs</strong> (phantom virtual network interfaces on VMs), and <strong>iptables-based Single Packet Authorization</strong> on compromised vCenter appliances.</p><blockquote>Once UNC6201 is in your disaster recovery infrastructure, they pivot silently through your entire VMware environment — and your EDR won't see it coming on port 9389 either.</blockquote><h3>The Compounding EDR Blind Spot</h3><p>Simultaneously, <strong>ADWSDomainDump</strong> — a publicly available tool — enumerates Active Directory via ADWS (port 9389) instead of LDAP, <strong>bypassing both Microsoft Defender for Endpoint and CrowdStrike Falcon</strong>. Any attacker with domain credentials can silently map your entire AD topology. This means even if you detect GRIMBOLT's initial foothold, the attacker's reconnaissance phase may be invisible to your two most common EDR platforms.</p><table><thead><tr><th>Indicator</th><th>Detail</th><th>Detection Action</th></tr></thead><tbody><tr><td>CVE-2026-22769</td><td>Hardcoded admin cred in Tomcat config</td><td>Patch immediately; verify tomcat-users.xml</td></tr><tr><td>Exploitation log</td><td>/home/kos/auditlog/fapi_cl_audit_log.log</td><td>Search for requests to /manager</td></tr><tr><td>Persistence</td><td>convert_hosts.sh modified, runs via rc.local</td><td>Hash comparison against known-good</td></tr><tr><td>GRIMBOLT</td><td>Native AOT C# backdoor, no CIL metadata</td><td>Deploy Mandiant YARA rules</td></tr><tr><td>Lateral movement</td><td>Ghost NICs + iptables SPA on vCenter</td><td>Audit vNIC inventory, iptables on vCenter</td></tr><tr><td>AD enumeration</td><td>ADWS on port 9389, bypasses EDR</td><td>Deploy network monitoring on port 9389</td></tr></tbody></table><h3>Why This Matters More Than a Typical CVE</h3><p>Disaster recovery infrastructure is the <strong>last line of defense</strong> in a ransomware scenario. If UNC6201 compromises your RecoverPoint environment, they own your backups. Combined with the ADWS blind spot, an attacker can map your AD, compromise your DR, and establish persistent C2 — all while your EDR reports clean.</p>

   Action items

   • Patch Dell RecoverPoint for Virtual Machines against CVE-2026-22769 and audit fapi_cl_audit_log.log for /manager requests immediately
   • Deploy Mandiant's published YARA rules for GRIMBOLT and sweep VMware environments for Ghost NICs and anomalous iptables rules on vCenter by end of day
   • Deploy network monitoring and custom detection rules for ADWS traffic on port 9389 by end of week
   • Verify convert_hosts.sh integrity via hash comparison against known-good baselines on all RecoverPoint appliances by end of day

   Sources:Android Firmware Malware 🚨, Dell Zero-Day Exploited 🖧, Password Manager Lies 🔓

2. 02

   Identity Trust Under Triple Attack: Password Managers Broken, Deepfakes Go Live, SSO Abuse Accelerates

   <h3>Password Manager Zero-Knowledge Claims: Empirically Shattered</h3><p>ETH Zurich's Applied Cryptography Group demonstrated <strong>25 attacks</strong> across Bitwarden (12), LastPass (7), and Dashlane (6) — products collectively serving approximately <strong>60 million users</strong>. The attacks break the "zero-knowledge encryption" guarantee using only lightweight server-impersonation tooling, not significant computational resources. Root cause: <strong>feature-bloat complexity and reliance on 1990s-era cryptographic primitives</strong>. Attack severity ranges from targeted vault integrity violations to full organizational vault compromise.</p><p><em>Full findings will be published at USENIX Security 2026 — expect weaponized tooling to follow shortly after.</em></p><h3>Real-Time Deepfakes Now Defeat Video Call Verification</h3><p>Tavus launched <strong>Phoenix-4</strong>, a real-time human rendering model generating AI avatars with full facial expressions, <strong>10+ emotional states</strong>, contextual reactions, and per-pixel face generation at <strong>40 FPS HD quality</strong>. This isn't a pre-recorded deepfake — it's a live, interactive avatar that responds emotionally in real-time. Multiple intelligence sources confirm the convergence: Google's Lyria 3 generates audio indistinguishable from real content, OpenAI's Sora produces convincing video, and Phoenix-4 handles live interaction.</p><blockquote>If your identity verification still treats a live video call as proof of identity, Tavus Phoenix-4 just made that assumption a vulnerability.</blockquote><h3>ShinyHunters: 15 Breaches via SSO Abuse in 7 Weeks</h3><p><strong>ShinyHunters</strong> claimed theft of 1.7 million CarGurus corporate records with a <strong>February 20 extortion deadline</strong>. This group has conducted 15 alleged breaches in 2026 alone, targeting financial firms, retail brands, and dating platforms. Their primary TTPs: <strong>social engineering and SSO abuse</strong> — not sophisticated zero-days, but high-volume identity-based attacks exploiting misconfigured federation and weak MFA.</p><table><thead><tr><th>Attack Vector</th><th>Scope</th><th>Detection Difficulty</th><th>Mitigation</th></tr></thead><tbody><tr><td>Password manager server compromise</td><td>~60M users across 3 vendors</td><td>High — requires server-side detection</td><td>Evaluate vendor response; consider alternatives</td></tr><tr><td>Real-time video deepfake</td><td>Any video call platform</td><td>Very High — no reliable automated detection</td><td>Out-of-band verification for high-value requests</td></tr><tr><td>SSO abuse / credential theft</td><td>15 breaches in 2026</td><td>Medium — detectable with proper logging</td><td>FIDO2/WebAuthn, conditional access hardening</td></tr></tbody></table>

   Action items

   • Contact your password manager vendor (Bitwarden, LastPass, or Dashlane) for their response to the ETH Zurich findings and brief your risk committee by end of next week
   • Update BEC/vishing playbooks immediately to remove video call presence as an identity verification factor and implement out-of-band confirmation for all wire transfers and credential resets
   • Enforce FIDO2/WebAuthn across all federated identity providers and audit conditional access policies using CAPSlock for offline Entra ID analysis by end of month
   • Add AI deepfake scenarios to the next security awareness training cycle, targeting finance, HR, and executive assistant roles

   Sources:Android Firmware Malware 🚨, Dell Zero-Day Exploited 🖧, Password Manager Lies 🔓 · 🎶 Google's play for the AI music mainstream · X crypto & stock trading 🪙, AI will shrink workforce 🤖, Affirm expands BNPL 💸

3. 03

   AI Agents Are Becoming Autonomous Insiders — Your Authorization Model Isn't Ready

   <h3>The Convergence</h3><p>Seven independent intelligence sources this cycle document the same pattern from different angles: <strong>AI agents are gaining execution authority faster than security frameworks can govern them</strong>. This isn't a single product launch — it's an industry-wide architectural shift with compounding security implications.</p><h4>Financial Execution Authority</h4><p>In fintech alone: <strong>Oracle</strong> is deploying 130 specialized AI agents for financial institutions by May, <strong>Ramp</strong> processes 100K expenses daily via AI (with a 1% error rate = 1,000 potential control failures/day), <strong>Klarna's</strong> chatbot replaced 800 human agents, and <strong>Visa and Mastercard</strong> are piloting agentic payments where AI agents autonomously initiate and approve transactions. Each represents a <strong>non-human identity with financial execution authority</strong> that traditional IAM was never designed to govern.</p><h4>Self-Replicating Autonomous Agents</h4><p>A developer has deployed <strong>'The Automaton'</strong> — an autonomous AI system that earns cryptocurrency onchain, pays for its own infrastructure via the <strong>x402 payment protocol</strong>, and spawns child agents that replicate the same capabilities. The capability gap between "earns onchain and pays for hosting" and "autonomously procures attack infrastructure" is trivially small. This <strong>decouples attack infrastructure from human operators</strong>, breaking traditional assumptions about disrupting adversary funding and attribution.</p><h4>CI/CD Pipeline Infiltration</h4><p><strong>GitHub Agentic Workflows</strong> (technical preview) allows AI coding agents to execute in GitHub Actions based on plain Markdown instructions. This creates prompt injection vectors via Markdown, agent autonomy without mandatory human review gates, and a new supply chain attack surface mapped to MITRE ATT&CK T1195.002.</p><h4>The Authorization Gap</h4><p>Traditional policy engines like <strong>AWS Cedar</strong> evaluate access based on predefined attributes and rules. But AI agents operate with delegated permissions, shifting context, and complex relationship graphs that change in real-time. Relationship-based access control (<strong>ReBAC</strong>) systems like SpiceDB and Google Zanzibar are architecturally necessary — static RBAC/ABAC cannot model dynamic agent-to-data relationships.</p><blockquote>If your AI agents are authorized by the same static policies you wrote for human users, you're building a privilege escalation vulnerability into your architecture — and the agents will find it before your red team does.</blockquote><h4>Shadow API Exposure via MCP</h4><p>Agoda's API Agent demonstrates a concerning pattern: <strong>zero-code transformation</strong> of any internal REST or GraphQL API into an MCP endpoint accessible by AI agents. Anthropic's Claude Sonnet 4.6 now supports <strong>1M token context windows</strong> with improved MCP connectors — a single misconfigured connection could ingest an entire financial model or customer database in one pass. This is available on the <em>free tier</em>.</p>

   Action items

   • Inventory all AI agents operating in your environment or deployed by vendors, and extend identity governance to cover non-human autonomous identities by end of quarter
   • Evaluate migration from static policy engines (RBAC/ABAC/Cedar) to ReBAC systems (SpiceDB, OpenFGA) for AI agent authorization decisions
   • Issue governance policy for GitHub Agentic Workflows requiring AppSec review before enabling on any repository, with mandatory human approval gates for agent-generated commits
   • Inventory MCP endpoints and API-to-agent bridges deployed by data and engineering teams and ensure coverage by API security controls by end of month
   • Add autonomous AI agent activity (x402 protocol, self-replicating onchain entities) to threat intelligence collection requirements

   Sources:Trust Through Data Lineage 🕸️, Auto-Healing Spark Memory ⚙️, BI Built in SQL 📊 · X crypto & stock trading 🪙, AI will shrink workforce 🤖, Affirm expands BNPL 💸 · 🎶 Google's play for the AI music mainstream · Meta smartwatch ⌚, Zuckerberg testifies ⚖️, GitHub Agentic Workflows 🤖 · Web 4.0 & Automatons 🤖, Theil Exits EthZilla 🏃, The Nakamoto Heist 🦹 · PostgreSQL bloat 🐼, React Doctor 🧑‍⚕️, disposable interfaces ⚡️

4. 04

   Iran Escalation Watch: Largest US Military Buildup Since 2003 Signals Elevated Cyber Retaliation Risk

   <h3>Situation</h3><p>Three independent sources confirm the Pentagon is massing the <strong>largest airpower deployment in the Middle East in over two decades</strong>, including the USS Abraham Lincoln Carrier Strike Group. Officials told the New York Times that strikes on Iran could come <strong>as soon as this weekend</strong>. This follows a US strike on Iran's nuclear program in June 2025. Diplomatic talks in Geneva produced what the White House called "a little bit of progress" — which, in diplomatic language, means almost none.</p><h3>Historical Cyber Correlation</h3><p>Iranian state-sponsored groups have a well-documented pattern of escalating cyber operations during military tensions with the US. The threat actors to prioritize:</p><table><thead><tr><th>Threat Actor</th><th>Attribution</th><th>Primary TTPs</th><th>Typical Targets</th></tr></thead><tbody><tr><td><strong>APT33/Elfin</strong></td><td>IRGC-linked</td><td>Destructive wipers (Shamoon variants), password spraying</td><td>Energy, aerospace, defense</td></tr><tr><td><strong>APT34/OilRig</strong></td><td>MOIS</td><td>DNS tunneling, credential harvesting, supply chain compromise</td><td>Government, financial, telecom</td></tr><tr><td><strong>APT35/Charming Kitten</strong></td><td>IRGC</td><td>Spearphishing, credential theft, social engineering</td><td>Think tanks, media, government officials</td></tr><tr><td><strong>MuddyWater</strong></td><td>MOIS</td><td>Living-off-the-land, PowerShell abuse</td><td>Government, telecom, IT services</td></tr></tbody></table><p>Key MITRE ATT&CK techniques to prioritize: <strong>T1078</strong> (Valid Accounts), <strong>T1190</strong> (Exploit Public-Facing Application), <strong>T1485</strong> (Data Destruction), T1071 (Application Layer Protocol for C2), and T1059.001 (PowerShell). Iranian actors have historically targeted <strong>VPN appliances and edge devices</strong> — unpatched Fortinet, Pulse Secure, or Citrix in your perimeter elevates your exposure significantly.</p><blockquote>When the largest US military buildup since 2003 is pointed at Iran, your SOC should already be hunting for APT33 and APT34 indicators — not waiting for the first CISA emergency directive.</blockquote><p><em>Note: The geopolitical intelligence comes from general news sources, not dedicated threat intelligence feeds. Validate against CISA's Iran Cyber Threat Overview and your commercial threat intel providers for technical indicators.</em></p>

   Action items

   • Brief SOC on elevated Iranian cyber threat posture and refresh IOC feeds from CISA's Iran-specific advisories this week
   • Verify detection rules for destructive wiper malware (ZeroCleare, Dustman patterns), credential harvesting, and VPN exploitation are active and tested by Friday
   • Confirm offline backup integrity and test restoration procedures, specifically validating backups are isolated from network-accessible systems
   • Audit perimeter for unpatched Fortinet, Pulse Secure, and Citrix appliances and prioritize patching by end of week

   Sources:☕️ Just one glitch · Are you joining the boycott? · Today in Politics, Bulletin 311. 2/19/26