UNC6201

Also known as: UNC6201

Origin: CN
Known aliases: 1

Profile

UNC6201 is a sophisticated Chinese state-sponsored hacking group that exploited CVE-2026-22769, a critical vulnerability in Dell RecoverPoint for Virtual Machines appliances, to establish a persistent presence. The group deployed a permanent backdoor using techniques such as Single Packet Authorization and port knocking. Unlike typical attackers, who conceal their activity within the operating system, UNC6201 operated at the virtualization layer to avoid detection.

Aliases · 1

UNC6201

References

  1. https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNC2659
Actor: UNC6691
Actor: UNC6148
Actor: UNC2630
Actor: UNC3886
Actor: UNC6384

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.