EPISODE · Feb 18, 2026 · 3 MIN

China's Cyber Spies Played Hide and Seek in Your Power Grid for 18 Months and Nobody Noticed

from Digital Frontline: Daily China Cyber Intel · host Inception Point AI

This is your Digital Frontline: Daily China Cyber Intel podcast. Hey there, I'm Ting, and welcome back to Digital Frontline. Buckle up because the past 24 hours have been absolutely wild in the China cyber space, and I've got some seriously important intel to break down for you. Let's start with the big one. Google's Threat Intelligence Group and Mandiant just dropped a bombshell about a Chinese APT group called UNC6201 that's been silently exploiting a critical Dell RecoverPoint vulnerability since mid-2024. We're talking about CVE-2026-22769, a perfect ten on the severity scale. These folks discovered hardcoded administrator credentials buried in Dell RecoverPoint for Virtual Machines that came straight from Apache Tomcat. Unauthenticated attackers could use these credentials to gain root-level access and establish persistence. The kicker? They've been doing this for at least 18 months, and Dell only just released a patch today. But here's where it gets creepier. UNC6201 deployed multiple backdoors including Brickstorm and a newer, more sophisticated malware called Grimbolt. This second-generation backdoor is written in C Sharp and compiled using native ahead-of-time techniques to evade detection. It's basically weaponized stealth. They were targeting edge appliances and VMware infrastructure, creating what researchers call ghost NICs, or fake network interface cards, to pivot silently through victim networks. Google reports that dozens of U.S. organizations have already been compromised, though the full scope remains unknown. Now, stepping back to the bigger picture, security firm Dragos released their annual threat report yesterday revealing that a Beijing-backed group tracked as Voltzite, highly correlated with the infamous Volt Typhoon, continued embedding malware inside American energy infrastructure throughout 2025. Their goal? Taking down critical utilities. They're not stealing intellectual property here, listeners. They're positioning themselves inside the control systems that manage industrial processes for future disruption and sabotage. Dragos also identified three new state-sponsored threat groups targeting critical infrastructure. One called Sylvanite serves as an initial access broker for Voltzite, exploiting known vulnerabilities in F5, Ivanti, and SAP products within 48 hours of disclosure. Another group, Azurite, overlaps with China's Flax Typhoon and focuses on stealing operational files from engineering workstations. These aren't random attacks. This is coordinated, sophisticated infrastructure warfare. The takeaway for your organization? Patch everything immediately, especially Dell RecoverPoint and internet-facing network devices. Monitor your OT and edge networks aggressively. Get your incident response teams ready because these groups are patient, persistent, and actively dwelling in networks longer than 400 days undetected. Thanks for tuning in to Digital Frontline. Please subscribe for tomorrow's update. This content was created in partnership and with the help of Artificial Intelligence (AI).

Frequently Asked Questions

How long is this episode of Digital Frontline: Daily China Cyber Intel?

This episode is 3 minutes long.

When was this Digital Frontline: Daily China Cyber Intel episode published?

This episode was published on February 18, 2026.