UNC6201
Intelligence Profile
UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026–22769, a critical vulnerability in Dell RecoverPoint for Virtual Machines appliances, to establish a persistent presence. They deployed a permanent backdoor using techniques like Single Packet Authorization and "Port Knocking." Unlike typical hackers who conceal their activities within the Operating System, UNC6201 operated at the Virtualization Layer to avoid detection.
Threat Analysis
UNC6201 is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of unknown activity patterns.
Known Campaigns
UNC6201 is a unknown-motivation threat actor attributed to China. UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026–22769, a critical vulnerability in Dell RecoverPoint for Virtual Machines appliances, to establish a persistent presence. They deployed a permanent backdoor using techniques like Single Packe...