UNC6201

Nation: China · 2 tracked threat(s) · Categories: VULNERABILITY, ZERO_DAY

Also known as: Silk Typhoon (overlaps), UNC5221 (related), Warp Panda, Clay Typhoon, HAFNIUM, Operation Exchange Marauder, Silk Typhoon

Tracked threats

Dell RecoverPoint Hardcoded Credentials RCE + UNC6201 GRIMBOLT Backdoor (CVE-2026-22769) — CRITICAL
Dell RecoverPoint for VMs Zero-Day (CVE-2026-22769) — CVSS 10.0, PRC-Nexus UNC6201/Silk Typhoon, BRICKSTORM/GRIMBOLT/SLAYSTYLE, VMware Ghost NIC Pivoting, iptables SPA — CRITICAL

Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →

Threadlinqs Intelligence