CyberSecurity news
info@thehackernews.com (The Hacker News)
Cybersecurity firm SentinelOne has become a prime target for state-sponsored threat actors from China and North Korea. SentinelOne, which provides autonomous endpoint protection using AI and machine learning to Fortune 10 and Global 2000 enterprises, government agencies, and managed service providers, is facing persistent cyber espionage and infiltration attempts. A recent analysis by SentinelOne revealed that Chinese actors are actively targeting both the company and its high-value clients, conducting reconnaissance against SentinelOne’s infrastructure and specific organizations it defends.
SentinelOne uncovered a China-nexus threat cluster dubbed PurpleHaze, which conducted reconnaissance attempts against its infrastructure and some of its high-value customers. Researchers first became aware of this group during a 2024 intrusion against an organization that had previously provided hardware logistics services for SentinelOne employees. PurpleHaze is assessed to be a hacking crew with loose ties to another state-sponsored group known as APT15. It has been observed targeting a South Asian government-supporting entity, employing an operational relay box (ORB) network and a Windows backdoor dubbed GoReShell.
North Korean actors have also been targeting SentinelOne, attempting to infiltrate the company through a fake IT worker campaign. The company is tracking approximately 360 fake personas and over 1,000 job applications linked to DPRK IT worker operations applying for roles at SentinelOne and SentinelLabs Intelligence. SentinelOne emphasized that cybersecurity providers are attractive targets because compromising one offers the potential for significant downstream compromise and insight into how thousands of environments and millions of endpoints are protected.