they hardcoded the password. that's the hack.
A Chinese threat actor known as Silk Typhoon (UNC5221) is actively exploiting CVE-2026-22769 in Dell RecoverPoint virtual machine management software. The vulnerability stems from a hardcoded admin password embedded in the software binary, which can be trivially extracted using the 'strings' command. Because the same password is used across all deployments, attackers can use it to deploy a malicious WAR file to the Tomcat server, execute code as root, and install a C-based backdoor called Grimble. The video explains symmetric vs. asymmetric cryptography to illustrate why shared hardcoded keys are dangerous, and proposes solutions like per-deployment key rolling or PKI-based authentication. Silk Typhoon's broader tactics are also covered, including exploiting VPN concentrators and using hidden network interfaces with iptables rules to evade monitoring. Detection signatures from Google Threat Intelligence are shared for defenders using Dell RecoverPoint.
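The per-deployment credential idea mentioned above, as an added example that is not code from the video or from Dell. The function names, the record layout and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters for this example (about 16 MiB per hash).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def provision_deployment():
    """First-boot step: mint an admin secret unique to this install.

    Returns (secret, record). The secret is shown to the operator once;
    only the salted scrypt record is persisted, so no reusable credential
    ships inside the binary or sits in a config file.
    """
    secret = secrets.token_urlsafe(24)   # 192 bits from the OS CSPRNG
    salt = secrets.token_bytes(16)       # per-install salt
    digest = hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT)
    return secret, {"salt": salt.hex(), "hash": digest.hex()}


def verify(record, candidate):
    """Check a login attempt against this install's stored record."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(candidate.encode(), salt=salt, **SCRYPT)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def rotate(record, current_secret):
    """Roll the credential; the old one stops working immediately."""
    if not verify(record, current_secret):
        raise PermissionError("current credential required to rotate")
    return provision_deployment()


if __name__ == "__main__":
    # Two constructed "appliances" provisioned from the same software image.
    secret_a, record_a = provision_deployment()
    secret_b, record_b = provision_deployment()
    print("A's secret on A:", verify(record_a, secret_a))   # True
    print("A's secret on B:", verify(record_b, secret_a))   # False
    _, record_a2 = rotate(record_a, secret_a)
    print("A's old secret after rotation:", verify(record_a2, secret_a))  # False
```

A secret recovered from one appliance is useless against any other, and rotation invalidates it on the original as well, which is the property a single password baked into every copy of the binary cannot provide.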
•9m watch time