APT / THREAT GROUP

UNC6201

🇨🇳China-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026–22769, a critical vulnerability in Dell RecoverPoint for Virtual Machines appliances, to establish a persistent presence. They deployed a permanent backdoor using techniques like Single Packet Authorization and "Port Knocking." Unlike typical hackers who conceal their activities within the Operating System, UNC6201 operated at the Virtualization Layer to avoid detection.

Threat Analysis

UNC6201 is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

UNC6201 — Active Operations March 2026

UNC6201 is a unknown-motivation threat actor attributed to China. UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026–22769, a critical vulnerability in Dell RecoverPoint for Virtual Machines appliances, to establish a persistent presence. They deployed a permanent backdoor using techniques like Single Packe...

ACTIVEMEDIUM2026

Intelligence Reports Mentioning UNC6201

External References

Quick Facts

TypeAPT / Threat Group
Origin🇨🇳 China
Aliases1
SourceMalpedia

Also Known As

UNC6201

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.