1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • SentinelOne targeted by Chinese espionage campaign probing custom

    From TechnologyDaily@1337:1/100 to All on Wed Apr 30 16:15:07 2025
    SentinelOne targeted by Chinese espionage campaign probing customers and infrastructure

    Date:
    Wed, 30 Apr 2025 15:00:00 +0000

    Description:
    Chines and North Korean state-sponsored actors are trying really hard to wiggle their way into SentinelOne and its high-value clients.

    FULL STORY ======================================================================Sentinel One says it identified hundreds of fake personas applying for a job at the company At the same time, Chinese state-sponsored actors are targeting both the company and its clients The threat actors are also targeting government-aligned firms in South Asia

    North Korean and Chinese state-sponsored threat actors have been targeting SentinelOne and its clients, the company claimed in a recent analysis.

    SentinelOne is a cybersecurity company providing autonomous endpoint protection using artificial intelligence (AI) and machine learning (ML).

    Its clients include Fortune 10 and Global 2000 enterprises, government agencies, and managed service providers, across different industries. Some of the more notable names include Amazon, Samsung, and Bloomberg. The Chinese
    are there, too

    In a new article titled Top Tier Target | What It Takes to Defend a Cybersecurity Company from Todays Adversaries, authors Tom Hegel, Aleksandar Milenkoski, and Jim Walter explained that in the last couple of months, cybercriminals from North Korea were persistently trying to get a job in the company. The company said it is now tracking some 360 fake personas and more than 1,000 job applications linked to DPRK IT worker operations applying for roles at SentinelOne and SentinelLabs Intelligence.

    At the same time, Chinese actors were trying to conduct cyber-espionage, not just against SentinelOne, but its high-value clients, as well.

    One notable set of activity, occurring over the previous months, involved reconnaissance attempts against SentinelOnes infrastructure and specific high value organizations we defend, the authors said. We first became aware of
    this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees.

    The researchers said the group running these attacks is called PurpleHaze, a threat actor that was also seen targeting a South Asian government-supporting entity in late 2024. In this attack, it used an operational relay box (ORB) network and the GoReShell Windows backdoor .

    "The use of ORB networks is a growing trend among these threat groups, since they can be rapidly expanded to create a dynamic and evolving infrastructure that makes tracking cyberespionage operations and their attribution challenging," the researchers stressed.

    Via The Hacker News You might also like Chinese government hackers allegedly spent years undetected in foreign phone networks Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/sentinelone-targeted-by-chinese-espiona ge-campaign-probing-customers-and-infrastructure


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)